As part of MDEV-12484, it might be worth changing mysql_secure_installation to ask the user if they want to configure 'root'@'localhost' to use unix_socket authentication. If the user answers 'yes', then the tool should probably not also set a password for that user account.
Issue Links
relates to: MDEV-12484 Enable unix socket authentication by default (Closed)
Daniel Black added a comment -
Why should a less secure password option be given to the user? After all, unix socket ties the authentication of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access.
Geoff Montee (Inactive) added a comment -
Hi danblack,
> Why should a less secure password option be given to the user? After all, unix socket ties the authentication of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access.
I don't entirely follow what you mean. Right now, mysql_secure_installation asks the user if they would like to set a password for the root@localhost account. I am suggesting that it should ask the user if they would like to make the root@localhost account use unix_socket authentication instead of a password. As far as I can tell, this seems to be the opposite of what you think this issue means (i.e. "a less secure password option"). Are you suggesting that you think unix_socket authentication is less secure than a password?
If I misunderstood something, please feel free to clarify.
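The prompt flow proposed in this issue, as an added sketch that is not code from mysql_secure_installation or from anyone in this thread: answering yes produces only the unix_socket statement and no password statement. The helper names `sql_escape` and `root_auth_sql` are hypothetical, and the sketch assumes a MariaDB version that supports ALTER USER with the unix_socket plugin installed.

```shell
#!/bin/sh
# Added sketch (hypothetical helpers, not mysql_secure_installation code).
# It only builds the SQL for 'root'@'localhost'; nothing is sent to a server.
# Assumption: the server supports ALTER USER and has unix_socket installed.

# Escape backslashes and single quotes so a password can be placed inside a
# single-quoted SQL string literal.
sql_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

# $1 = answer to "Use unix_socket authentication for root@localhost?"
# $2 = new root password, used only when the answer is no
root_auth_sql() {
    case "$1" in
        [Yy]|[Yy][Ee][Ss])
            # unix_socket chosen: any supplied password is ignored, so the
            # account never ends up with both mechanisms configured.
            printf '%s\n' "ALTER USER 'root'@'localhost' IDENTIFIED VIA unix_socket;"
            ;;
        [Nn]|[Nn][Oo])
            if [ -z "$2" ]; then
                printf '%s\n' "error: a password is required when unix_socket is declined" >&2
                return 1
            fi
            printf '%s\n' "ALTER USER 'root'@'localhost' IDENTIFIED BY '$(sql_escape "$2")';"
            ;;
        *)
            # Anything else (including an empty answer) means: ask again.
            printf '%s\n' "error: please answer yes or no" >&2
            return 2
            ;;
    esac
}

# Constructed sample run: the "yes" path.
root_auth_sql yes
```

With the unix_socket statement applied, only the operating-system root user can connect as 'root'@'localhost', which is why the sketch never emits a password alongside it.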