Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-25

support for mysql cleartext plugin

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • 2.1
    • None
    • None

    Description

      MySQL has a client side plugin to prevent password hashing. This is required when using PAM authentication.

      From the documentation -
      The mysql_options() C API function supports a MYSQL_ENABLE_CLEARTEXT_PLUGIN option that enables the plugin on a per-connection basis.

      Is there something similar in MariaDB. Using the same option gives an error.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-4574 Missing connection option MYSQL_ENABLE_CLEARTEXT_PLUGIN

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-4636 use mysql_cleartext_plugin from auth_pam

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            serg Sergei Golubchik added a comment -

            MariaDB has MySQL's "cleartext" plugin, but we don't use it. This plugin is only used by the MySQL closed source PAM plugin. That plugin has incomplete PAM implementation, that only allows pam modules to ask for a password.

            Our PAM plugin uses "dialog" plugin, and implements PAM fully, supporting any number of arbitrary prompts and questions. See https://kb.askmonty.org/en/pam-authentication-plugin/ and http://blog.mariadb.org/security-with-two-step-verification/

            serg Sergei Golubchik added a comment - MariaDB has MySQL's "cleartext" plugin, but we don't use it. This plugin is only used by the MySQL closed source PAM plugin. That plugin has incomplete PAM implementation, that only allows pam modules to ask for a password. Our PAM plugin uses "dialog" plugin, and implements PAM fully, supporting any number of arbitrary prompts and questions. See https://kb.askmonty.org/en/pam-authentication-plugin/ and http://blog.mariadb.org/security-with-two-step-verification/
            serg Sergei Golubchik added a comment -

            let's still add a constant to the library, so that other clients wouldn't get an error by using it.

            serg Sergei Golubchik added a comment - let's still add a constant to the library, so that other clients wouldn't get an error by using it.
            janani_87 Janani SriGuha added a comment -

            Will the constant just be a dummy value to prevent compilation errors?

            janani_87 Janani SriGuha added a comment - Will the constant just be a dummy value to prevent compilation errors?
            serg Sergei Golubchik added a comment -

            yes. there will be no filter on plugin names. a cleartext plugin will be loaded if it is available and the server has requested it, independently from this option settings.

            serg Sergei Golubchik added a comment - yes. there will be no filter on plugin names. a cleartext plugin will be loaded if it is available and the server has requested it, independently from this option settings.
            georg Georg Richter added a comment -

            Fixed in rev. 183

            georg Georg Richter added a comment - Fixed in rev. 183

            People

              georg Georg Richter
              janani_87 Janani SriGuha
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.