Define a simple interface to be able to implement authentication and authorization.

[ajnavarro]

Right now we just should able to implement a basic MySQL auth implementation, with users and passwords on a config file, but that interface must be prepared to do integrations in the future with LDAP, and Kerberos.

Also, audit logs showing who is executing which query should be taken in mind too.

[jfontan]

Vitess already defines authentication mechanisms and comes with several methods:

• Static: The currently used mechanism. Right now on start it add only one user but users could be loaded from a json file: https://github.com/src-d/gitbase/blob/master/vendor/gopkg.in/src-d/go-vitess.v1/mysql/auth_server_static.go#L35
• LDAP: It already comes with an ldap auth diver: https://github.com/src-d/gitbase/blob/master/vendor/gopkg.in/src-d/go-vitess.v1/mysql/ldapauthserver/auth_server_ldap.go

I have to check if it's possible to save hashes of passwords with salt instead of plain text. It seems feasible as the salt is sent by the server:

https://github.com/src-d/gitbase/blob/master/vendor/gopkg.in/src-d/go-vitess.v1/mysql/auth_server_static.go#L183-L186

[jfontan]

Also, it seems feasible to change the authentication method. Right now it uses mysql_native_password and some new software complains as it tries to use a newer one caching_sha2_password.

https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html