  1. MariaDB Server
  2. MDEV-18311

Change default PAM service name to mariadb

Details

    Description

      With the update of the pam authentication plugin from 1.0 to 2.0 in MariaDB 10.4, do we also want to change the default PAM service name from "mysql" to "mariadb"?

      https://github.com/MariaDB/server/blob/efba0b1df5abe1ac972181a01bcbd208693639ae/plugin/auth_pam/auth_pam_base.c#L152

          Activity

            Maybe. But it needs to be carefully done to make sure nothing breaks on upgrades.

            E.g. if there are users that use the PAM plugin and the PAM service name is not specified, do an update to set the service name to mysql for all existing users.

            Hmm, this will still break new users created to use the PAM plugin without a service name.

            serg Sergei Golubchik added a comment

            What if this change were implemented as a new system variable?

            The new system variable could be called something like "pam_default_service". The PAM service identified by this system variable could be used for any users where plugin='pam', but authentication_string is not set. The system variable's default value in 10.5 could be "mariadb", but if a user relied on the behavior from 10.4 and before, then they could just set this variable's value to "mysql."

            GeoffMontee Geoff Montee (Inactive) added a comment

            Why should we change it at all? I mean, if we do it, and it breaks authentication on upgrade for some user and that user asks why we've changed it, what should be the answer?

            serg Sergei Golubchik added a comment

            I don't really see any technical reason to change the default PAM service name from mysql to mariadb. I see that change more for the purpose of trying to build MariaDB's branding, and trying to rely less on MySQL's branding. Maybe that reason is not a good enough reason to potentially break authentication for some users after they upgrade.

            I can think of technical reasons to add a new variable like pam_default_service. Some users determine that the system default "password-auth" or "system-auth" PAM services work with MariaDB and meet their requirements, so being able to configure the default PAM service could offer these users more flexibility.

            GeoffMontee Geoff Montee (Inactive) added a comment

            Let's first establish that we want to do it in the first place. And describe the upgrade procedure here, in the MDEV.

            serg Sergei Golubchik added a comment
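
The upgrade concern raised in the comments above, as an added example that is not part of the issue or MariaDB's code: the script lists accounts with plugin 'pam' and an empty authentication_string, which follow whatever the default service name is, and emits ALTER USER statements that pin them to "mysql". The account rows, the PAM service listing and all function names are constructed for illustration.

```python
"""Added example: audit which PAM accounts rely on the implicit default service."""
import os

OLD_DEFAULT, NEW_DEFAULT = "mysql", "mariadb"  # current and proposed defaults from this issue

# Constructed sample rows, shaped like the output of:
#   SELECT user, host, plugin, authentication_string FROM mysql.user;
SAMPLE_ACCOUNTS = [
    ("alice", "localhost", "pam", ""),             # no service name: uses the default
    ("bob", "%", "pam", "mariadb"),                # explicit service name
    ("carol", "%", "pam", "password-auth"),        # explicit system service
    ("dave", "10.0.0.%", "mysql_native_password", "*CONSTRUCTED"),
]
SAMPLE_SERVICES = {"mysql", "password-auth", "other"}  # constructed /etc/pam.d listing


def installed_services(pam_dir="/etc/pam.d"):
    """Service file names present on this host (empty set if the directory is absent)."""
    return set(os.listdir(pam_dir)) if os.path.isdir(pam_dir) else set()


def sql_quote(value):
    """Quote a string literal, assuming the default sql_mode (backslash escapes on)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def audit(accounts, services, old=OLD_DEFAULT, new=NEW_DEFAULT):
    """Return (implicit, missing, pin_sql) for accounts using the pam plugin."""
    implicit, missing, pin_sql = [], [], []
    for user, host, plugin, service in accounts:
        if plugin != "pam":
            continue
        name = f"{user}@{host}"
        if service:
            if service not in services:
                missing.append((name, service))  # explicit name with no service file
            continue
        # Empty authentication_string: the account follows whatever the default is.
        outcome = "switches PAM stack" if new in services else "no service file"
        implicit.append((name, outcome))
        pin_sql.append(f"ALTER USER {sql_quote(user)}@{sql_quote(host)} "
                       f"IDENTIFIED VIA pam USING {sql_quote(old)};")
    return implicit, missing, pin_sql


if __name__ == "__main__":
    implicit, missing, pin_sql = audit(SAMPLE_ACCOUNTS, SAMPLE_SERVICES)
    print(implicit, missing, *pin_sql, sep="\n")
```

On a real host, pass `installed_services()` and the rows from the query in the comment instead of the constructed samples. An account reported as "switches PAM stack" would keep authenticating after a default change, but against a different PAM policy than before.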

            People

              Unassigned Unassigned
              GeoffMontee Geoff Montee (Inactive)