  1. MariaDB Server
  2. MDEV-10956

Strict Password Validation Breaks Replication


    Details

    • Sprint:
      10.1.19, 10.1.20, 10.1.21

      Description

      With strict password validation enabled by default (and a password validation plugin also enabled), changing a password will break replication.

      SET PASSWORD FOR 'w'@'localhost' = PASSWORD('PLAINtext-password!!99');
      

      Last_SQL_Error: Error 'The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement' on query. Default database: ''. Query: 'SET PASSWORD FOR 'w'@'localhost'='*4045DC6C4FBF96E66F67118A73C6A85EB2BF28A9''
      

      The password is written to the binary log as a hash, which strict password validation prevents.

      A possible workaround seems to be to disable strict password validation and then re-enable it after the password change events:

      STOP SLAVE;
      SET GLOBAL strict_password_validation = OFF;
      START SLAVE;
      -- wait
      SET GLOBAL strict_password_validation = ON;
      

      It seems like there should be an "exemption" of some sort in the password validation plugins to allow these events from a master so slaves don't break.

            People

            Assignee:
            holyfoot Alexey Botchkov
            Reporter:
            wfong Will Fong
            Votes:
            2
            Watchers:
            5
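
A monitoring check for the failure described in this report, as an added example that is not part of the original report or of MariaDB: it parses SHOW SLAVE STATUS\G output, flags an SQL thread stopped by strict password validation, and masks the password hash before the finding is passed on. The status text is a constructed sample (only the Last_SQL_Error text is taken from the report), and parse_status and diagnose are hypothetical helper names.

```python
import re

# Constructed sample of SHOW SLAVE STATUS\G output. Only the Last_SQL_Error
# text comes from the report; the other field values are made up.
SAMPLE_STATUS = r"""
*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
               Last_SQL_Error: Error 'The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement' on query. Default database: ''. Query: 'SET PASSWORD FOR 'w'@'localhost'='*4045DC6C4FBF96E66F67118A73C6A85EB2BF28A9''
"""

FIELD = re.compile(r"^\s*(\w+):[ \t]?(.*)$", re.MULTILINE)
ACCOUNT = re.compile(r"SET PASSWORD FOR ('[^']*'@'[^']*')", re.IGNORECASE)
HASH = re.compile(r"'\*[0-9A-Fa-f]{40}'")


def parse_status(text):
    """Turn the vertical (\\G) output into a field -> value dict."""
    return {key: value.strip() for key, value in FIELD.findall(text)}


def diagnose(text):
    """Return a finding dict if the SQL thread stopped on this issue, else None."""
    status = parse_status(text)
    error = status.get("Last_SQL_Error", "")
    if status.get("Slave_SQL_Running") != "No":
        return None
    if "--strict-password-validation" not in error:
        return None
    account = ACCOUNT.search(error)
    # Mask the hash so the finding can be put in a ticket or alert safely.
    redacted = HASH.sub("'<hash redacted>'", error)
    return {
        "account": account.group(1) if account else None,
        "hashed_password_event": bool(HASH.search(error)),
        "error": redacted,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_STATUS))
```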
