Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10956

Strict Password Validation Breaks Replication

    XMLWordPrintable

Details

    • 10.1.19, 10.1.20, 10.1.21

    Description

      With strict password validation being enabled by default (and also have a password validation plugin enabled), changing a password will break replication.

      SET PASSWORD FOR 'w'@'localhost' = PASSWORD('PLAINtext-password!!99');


      Last_SQL_Error: Error 'The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement' on query. Default database: ''. Query: 'SET PASSWORD FOR 'w'@'localhost'='*4045DC6C4FBF96E66F67118A73C6A85EB2BF28A9''

      The password is written to the binary log as a hash, which strict password validation prevents.

      A possible workaround seems to be to disable strict password validation and then re-enable it after the password change events:

      STOP SLAVE;
      		 
      SET GLOBAL strict_password_validation = OFF;
      		 
      START SLAVE;
      		 
      -- wait
      		 
      SET GLOBAL strict_password_validation = ON;

      It seems like there should be a "exemption" of some sort in the password validation plugins to allow these events from a master so slaves don't break.

      Attachments

        Activity

          People

            holyfoot Alexey Botchkov
            wfong Will Fong
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.