Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • 2.1
    • None
    • None

    Description

      MySQL has a client side plugin to prevent password hashing. This is required when using PAM authentication.

      From the documentation -
      The mysql_options() C API function supports a MYSQL_ENABLE_CLEARTEXT_PLUGIN option that enables the plugin on a per-connection basis.

      Is there something similar in MariaDB. Using the same option gives an error.

      Attachments

        Issue Links

          Activity

            MariaDB has MySQL's "cleartext" plugin, but we don't use it. This plugin is only used by the MySQL closed source PAM plugin. That plugin has incomplete PAM implementation, that only allows pam modules to ask for a password.

            Our PAM plugin uses "dialog" plugin, and implements PAM fully, supporting any number of arbitrary prompts and questions. See https://kb.askmonty.org/en/pam-authentication-plugin/ and http://blog.mariadb.org/security-with-two-step-verification/

            serg Sergei Golubchik added a comment - MariaDB has MySQL's "cleartext" plugin, but we don't use it. This plugin is only used by the MySQL closed source PAM plugin. That plugin has incomplete PAM implementation, that only allows pam modules to ask for a password. Our PAM plugin uses "dialog" plugin, and implements PAM fully, supporting any number of arbitrary prompts and questions. See https://kb.askmonty.org/en/pam-authentication-plugin/ and http://blog.mariadb.org/security-with-two-step-verification/

            let's still add a constant to the library, so that other clients wouldn't get an error by using it.

            serg Sergei Golubchik added a comment - let's still add a constant to the library, so that other clients wouldn't get an error by using it.

            Will the constant just be a dummy value to prevent compilation errors?

            janani_87 Janani SriGuha added a comment - Will the constant just be a dummy value to prevent compilation errors?

            yes. there will be no filter on plugin names. a cleartext plugin will be loaded if it is available and the server has requested it, independently from this option settings.

            serg Sergei Golubchik added a comment - yes. there will be no filter on plugin names. a cleartext plugin will be loaded if it is available and the server has requested it, independently from this option settings.
            georg Georg Richter added a comment -

            Fixed in rev. 183

            georg Georg Richter added a comment - Fixed in rev. 183

            People

              georg Georg Richter
              janani_87 Janani SriGuha
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.