Mysql 大量 unauthenticated user




1 When a new client connects to mysqld, mysqld spawns a new thread to handle the request. This thread first checks whether the host name is in the host name cache. If not, the thread attempts to resolve the host name:
3 The thread takes the IP address and resolves it to a host name (using gethostbyaddr()). It then takes that host name and resolves it back to the IP address (using gethostbyname()) and compares to ensure it is the original IP address.



即:先作反向解析IP>Hostname,然后作Hostname>IP的正向解析。如果结果符合,则验证为合法用户允许登录,如果不符合则定义为“unauthenticated user”。


1 eg: If your client machine is called '' with IP, you might set up grants on your remote MySQL server like this:
3 grant select on dbname.* to [email][/email] identified by 'somepassword'
5 But when you try to connect from you find you get the error "Host '' is not allowed to connect to this MySQL server"
7 This is because a reverse lookup of may in fact return a fully qualified domain name of, ie something *other* than
9 So stick to granting access by IP, not hostname, unless your forward and reverse lookups match.




所以建议创建用户权限的时候,不要使用hostname作为限制而是直接用IP;更干脆的话就主机不配置DNS Server。

手册中的解释是:unauthenticated user refers to a thread that has become associated with a client connection but for which authentication of the client user has not yet been done。意即:有一个线程在处理客户端的连接,但是该客户端还没通过用户验证。


  1. 在 hosts 中添加客户端ip,如  yejr
  2. MySQL启动参数增加一个skip-name-resolve,即不启用DNS反响解析
  3. 服务器的线程还处于排队状态,因此可以加大 back_log


The number of outstanding connection requests MySQL can have. This comes into play when the main MySQL thread gets very many connection requests in a very short time. It then takes some time (although very little) for the main thread to check the connection and start a new thread. The back_log value indicates how many requests can be stacked during this short time before MySQL momentarily stops answering new requests. You need to increase this only if you expect a large number of connections in a short period of time.

In other words, this value is the size of the listen queue for incoming TCP/IP connections. Your operating system has its own limit on the size of this queue. The manual page for the Unix listen() system call should have more details. Check your OS documentation for the maximum value for this variable. back_log cannot be set higher than your operating system limit.




posted @ 2010-09-14 11:35  sunss  阅读(739)  评论(0编辑  收藏  举报