[MDEV-12834] mysql_secure_installation should ask about unix_socket authentication - Jira

Details

Type: Task
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Fix Version/s: 10.4.3
Component/s: Authentication and Privilege System, Plugin - unix_socket, Scripts & Clients
Labels:

Description

As part of ~~MDEV-12484~~, it might be worth changing mysql_secure_installation to ask the user if they want to configure 'root'@'localhost' to use unix_socket authentication. If the user answers 'yes', then the tool should probably not also set a password for that user account.

Attachments

Issue Links

relates to

MDEV-12484 Enable unix socket authentication by default

Closed

MDEV-12484 Enable unix socket authentication by default

Closed

Activity

Ascending order - Click to sort in descending order

Geoff Montee (Inactive) created issue - 2017-05-17 19:31

Geoff Montee (Inactive) made changes - 2017-05-17 19:31

Field	Original Value	New Value
Link		This issue relates to ~~MDEV-12484~~ [ ~~MDEV-12484~~ ]

Daniel Black added a comment - 2017-05-17 22:24

Why should a less secure password option be given to the user? After all unix socket with ties the authention of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access.

Daniel Black added a comment - 2017-05-17 22:24 Why should a less secure password option be given to the user? After all unix socket with ties the authention of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access.

Geoff Montee (Inactive) added a comment - 2017-05-17 22:31

Hi danblack,

Why should a less secure password option be given to the user? After all unix socket with ties the authention of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access.

I don't entirely follow what you mean. Right now, mysql_secure_installation asks the user if they would like to set a password for the root@localhost account. I am suggesting that it should ask the user if they would like to make the root@localhost account use unix_socket authentication instead of a password. As far as I can tell, this seems to be the opposite of what you think this issue means (i.e. "a less secure password option"). Are you suggesting that you think unix_socket authentication is less secure than a password?

If I misunderstood something, please feel free to clarify.

Geoff Montee (Inactive) added a comment - 2017-05-17 22:31 Hi danblack , Why should a less secure password option be given to the user? After all unix socket with ties the authention of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access. I don't entirely follow what you mean. Right now, mysql_secure_installation asks the user if they would like to set a password for the root@localhost account. I am suggesting that it should ask the user if they would like to make the root@localhost account use unix_socket authentication instead of a password. As far as I can tell, this seems to be the opposite of what you think this issue means (i.e. "a less secure password option"). Are you suggesting that you think unix_socket authentication is less secure than a password? If I misunderstood something, please feel free to clarify.

Sergei Golubchik made changes - 2017-05-24 10:43

Fix Version/s

10.3 [ 22126 ]

Daniel Black added a comment - 2017-12-18 22:49

Looking back, I'm fairly sure I misunderstood completely. Sorry.

Daniel Black added a comment - 2017-12-18 22:49 Looking back, I'm fairly sure I misunderstood completely. Sorry.

Julien Fritsch made changes - 2017-12-28 12:37

Assignee

Ralf Gebhardt [ ralf.gebhardt@mariadb.com ]

Ralf Gebhardt made changes - 2018-06-07 14:16

Link

This issue relates to ~~MDEV-12484~~ [ ~~MDEV-12484~~ ]

Ralf Gebhardt made changes - 2018-06-07 14:17

Assignee

Ralf Gebhardt [ ralf.gebhardt@mariadb.com ]

Rasmus Johansson (Inactive) made changes - 2018-07-04 07:57

Assignee

Vladislav Vaintroub [ wlad ]

Julien Fritsch made changes - 2018-07-05 12:56

Epic Link

PT-73 [ 68549 ]

Ralf Gebhardt made changes - 2018-08-23 13:07

Rank

Ranked higher

Ralf Gebhardt made changes - 2018-11-10 20:31

Link

This issue relates to ~~MDEV-12484~~ [ ~~MDEV-12484~~ ]

Ralf Gebhardt made changes - 2018-12-24 10:41

Fix Version/s

10.4 [ 22408 ]

Vladislav Vaintroub made changes - 2019-01-18 15:51

Assignee

Vladislav Vaintroub [ wlad ]

Sergei Golubchik made changes - 2019-01-18 17:27

Assignee

Sergei Golubchik [ serg ]

Sergei Golubchik made changes - 2019-01-18 17:28

Link

This issue relates to ~~MDEV-12484~~ [ ~~MDEV-12484~~ ]

Sergei Golubchik made changes - 2019-02-05 18:49

Priority

Major [ 3 ]

Critical [ 2 ]

Sergei Golubchik made changes - 2019-02-07 14:23

Status

Open [ 1 ]

In Progress [ 3 ]

Sergei Golubchik made changes - 2019-02-07 14:24

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Sergei Golubchik made changes - 2019-02-12 18:18

Fix Version/s		10.4.3 [ 23230 ]
Fix Version/s	10.4 [ 22408 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2021-12-06 21:23

Workflow

MariaDB v3 [ 80826 ]

MariaDB v4 [ 133258 ]

Jira Automation (IT) made changes - 2024-07-04 08:23

Zendesk Related Tickets

172650

People

Assignee:: Sergei Golubchik

Reporter:: Geoff Montee (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2017-05-17 19:31

Updated:: 2024-07-08 00:57

Resolved:: 2019-02-12 18:18

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration