MariaDB Server / MDEV-12834

mysql_secure_installation should ask about unix_socket authentication

Details

    Description

      As part of MDEV-12484, it might be worth changing mysql_secure_installation to ask the user if they want to configure 'root'@'localhost' to use unix_socket authentication. If the user answers 'yes', then the tool should probably not also set a password for that user account.
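The behaviour proposed in the description, sketched as an added shell example that is not part of the original issue or of mysql_secure_installation itself. The function names `root_auth_sql` and `sql_escape` are hypothetical, and the statements assume a MariaDB server version that supports `ALTER USER`.

```shell
# Added example. Function names are hypothetical, not taken from
# mysql_secure_installation. Assumes a server that supports ALTER USER.

# Escape a value for use inside a single-quoted SQL string literal:
# backslashes first, then single quotes.
sql_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

# Print the SQL for 'root'@'localhost' given the answer to the question
# "use unix_socket authentication?".
#   $1 = answer (y/n)
#   $2 = password, used only when the answer is no
root_auth_sql() {
    case "$1" in
        [Yy]*)
            # unix_socket chosen: do not also set a password.
            printf '%s\n' "ALTER USER 'root'@'localhost' IDENTIFIED VIA unix_socket;"
            ;;
        [Nn]*)
            # Password chosen: an empty one would leave the account open.
            if [ -z "$2" ]; then
                printf '%s\n' "refusing to set an empty root password" >&2
                return 1
            fi
            printf '%s\n' "ALTER USER 'root'@'localhost' IDENTIFIED BY '$(sql_escape "$2")';"
            ;;
        *)
            printf '%s\n' "answer must be y or n" >&2
            return 2
            ;;
    esac
}
```

The printed statement would be piped to the `mysql` client by the calling script; `printf` is used instead of `echo` so that backslashes in the escaped password are not reinterpreted by the shell.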

          Activity

            danblack Daniel Black added a comment -

            Why should a less secure password option be given to the user? After all, unix socket ties the authentication of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access.


            GeoffMontee Geoff Montee (Inactive) added a comment -

            Hi danblack,

            "Why should a less secure password option be given to the user? After all, unix socket ties the authentication of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access."

            I don't entirely follow what you mean. Right now, mysql_secure_installation asks the user if they would like to set a password for the root@localhost account. I am suggesting that it should ask the user if they would like to make the root@localhost account use unix_socket authentication instead of a password. As far as I can tell, this seems to be the opposite of what you think this issue means (i.e. "a less secure password option"). Are you suggesting that you think unix_socket authentication is less secure than a password?

            If I misunderstood something, please feel free to clarify.

            danblack Daniel Black added a comment -

            Looking back, I'm fairly sure I misunderstood completely. Sorry.


            People

              serg Sergei Golubchik
              GeoffMontee Geoff Montee (Inactive)