Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-11340

Allow multiple alternative authentication methods for the same user

    XMLWordPrintable

Details

    • 10.4.0-1

    Description

      In some cases there is a need to authenticate the same user in different means, more specifically multiple different authentications methods, or IDENTIFIED BY clauses for the same user. The adjusted CREATE USER syntax would allow multiple IDENTIFIED BY sections for one single user.

      Questions:

      • What logic should be applied? All of authentication methods should succeed? One of them should succeed? Should we allow complex rules like (first_auth OR second_auth) AND third_auth ? Or, instead of AND/OR may be we should go with PAM model or sufficient/required/etc?
      • What syntax should be used?
      • stuff like SET PASSWORD — will they be not allowed? allowed? if allowed, how will they work?
      • where the new authentication rules will be stored, in what table, what columns?

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. MDEV-8375 Debian: Passwordless mysqld root login via socket auth bugfixing

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Task - A task that needs to be done. MDEV-12484 Enable unix socket authentication by default

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21928 ALTER USER doesn't remove excess authentication plugins from mysql.global_priv

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MDEV-21929 Enhance ALTER USER for multiple authentication methods

          • Major - Major loss of function.
          • Open
          is blocked by

          Task - A task that needs to be done. MDEV-17658 change the structure of mysql.user table

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Task - A task that needs to be done. CONJ-675 Multiple alternative authentication methods for the same user java implementation

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MDEV-12320 configurable default authentication plugin for the server

          • Critical - Crashes, loss of data, severe memory leak.
          • Stalled

          Task - A task that needs to be done. MDEV-12321 authentication plugin: SET PASSWORD support

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-12715 remove mysql.user.password column

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-11328 provide a user administration to not allow user to change password

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            People

              serg Sergei Golubchik
              karlsson Anders Karlsson
              Votes:
              1 Vote for this issue
              Watchers:
              16 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.