Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-18297

Document in detail the new authentication in 10.4 -- tables, views, common scenarios, troubleshooting, etc.

    XMLWordPrintable

    Details

      Description

      I don't know if we even have the old way documented somewhere in the KB, but this knowledge can be easily obtained online from multiple sources, and it boils down to

      • restart server with skip-grant-tables
      • run update mysql.user set password='' where user='root'
      • run flush privileges

      It doesn't work anymore, obviously. I don't yet know how it's supposed to be done now. I found some way, which is to update mysql.global_priv.Priv to set it to the same long JSON as it is, but to replace the authentication string; but I hope it's not the right way, because it's ugly.


      Later update

      The issue has become more serious after introducing multiple authentication and unix_socket by default. It is neither intuitive nor familiar, so it needs to be documented fully, covering all common scenarios and typical situations, including, but not limited to,

      • how to connect to the server after installing the server system-wide (used to be -uroot without the password or with the password set upon installation, not anymore);
      • how to connect to the server after installing the server locally, under a non-root user (used to be -uroot without the password or with the password set upon installation, not anymore);
      • what, if any, considerations regarding compilation options need to be made when compiling the server from source;
      • how to troubleshoot and fix the broken auth info (used to be via -skip-grant-tables + flush privileges, not anymore);
      • how to see all users' configuration (used to be select user, host, plugin, ... from mysql.user, not anymore);
      • how to reset the password if unix_socket can't be used (used to be via mysql.user update, see comments, but fix the syntax of the suggested update);
      • how to update users in bulk (used to be via mysql.user update, probably not anymore);
        ...

      This must be done before 10.4.3 RC is released

      The documentation must be the first hit in the KB by most obvious key words, e.g. by search for "authentication" and such.
      The page must be linked to from the release notes, and the changes need to be emphasized in all possible ways.

      It is especially important since when users seek help in regard to authentication problems, most often they end up with the information related to MySQL.

        Attachments

          Activity

            People

            • Assignee:
              greenman Ian Gilfillan
              Reporter:
              elenst Elena Stepanova
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: