[MDEV-20997] max_password_errors not working - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Incomplete
Affects Version/s: 10.4.6
Fix Version/s: N/A
Component/s: Authentication and Privilege System
Labels:
- need_feedback

Description

We have a requirement to block a user after maximum permitted number of failed connection.

We use max_password_errors Variable but it doesn't seem to take affect. The version of Mariadb we have is Server version: 10.4.6-MariaDB MariaDB Server.

We set this variable in /etc/my.cnf.d/server.cnf file under mariadb section.

This group is only read by MariaDB servers, not by MySQL.
If you use the same .cnf file for MySQL and MariaDB,
you can put MariaDB-only options here
[mariadb]
max_password_errors=2

Packages we installed are as below:

rpm -qa|grep -i maria
MariaDB-compat-10.4.6-1.el7.centos.x86_64
MariaDB-cracklib-password-check-10.4.6-1.el7.centos.x86_64
MariaDB-devel-10.4.6-1.el7.centos.x86_64
MariaDB-client-10.4.6-1.el7.centos.x86_64
MariaDB-cracklib-password-check-debuginfo-10.4.6-1.el7.centos.x86_64
MariaDB-common-10.4.6-1.el7.centos.x86_64
MariaDB-server-10.4.6-1.el7.centos.x86_64
galera-4-26.4.2-1.rhel7.el7.centos.x86_64

Attachments

Activity

Ascending order - Click to sort in descending order

Ayshkanta added a comment - 2019-11-08 16:27

Can we know if the variable is really working or not. if yes then where is the error at our end.

Ayshkanta added a comment - 2019-11-08 16:27 Can we know if the variable is really working or not. if yes then where is the error at our end.

Elena Stepanova added a comment - 2019-11-18 20:26

It seems to be working for me:

MariaDB [test]> select @@version;

+----------------+

| @@version      |

+----------------+

| 10.4.6-MariaDB |

+----------------+

1 row in set (0.000 sec)

MariaDB [test]> select @@max_password_errors;

+-----------------------+

| @@max_password_errors |

+-----------------------+

|                     2 |

+-----------------------+

1 row in set (0.000 sec)

MariaDB [test]> create user foo@localhost identified by 'password';

Query OK, 0 rows affected (0.019 sec)

MariaDB [test]> exit

$ mysql -ufoo -pbar

ERROR 1045 (28000): Access denied for user 'foo'@'localhost' (using password: YES)

$ mysql -ufoo -pbar

ERROR 1045 (28000): Access denied for user 'foo'@'localhost' (using password: YES)

$ mysql -ufoo -ppassword

ERROR 4150 (HY000): User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'

Please describe in more detail what you do and how exactly it doesn't work.

Elena Stepanova added a comment - 2019-11-18 20:26 It seems to be working for me: MariaDB [test]> select @@version; + ----------------+ | @@version | + ----------------+ | 10.4.6-MariaDB | + ----------------+ 1 row in set (0.000 sec) MariaDB [test]> select @@max_password_errors; + -----------------------+ | @@max_password_errors | + -----------------------+ | 2 | + -----------------------+ 1 row in set (0.000 sec) MariaDB [test]> create user foo@localhost identified by 'password' ; Query OK, 0 rows affected (0.019 sec) MariaDB [test]> exit $ mysql -ufoo -pbar ERROR 1045 (28000): Access denied for user 'foo' @ 'localhost' (using password : YES) $ mysql -ufoo -pbar ERROR 1045 (28000): Access denied for user 'foo' @ 'localhost' (using password : YES) $ mysql -ufoo -ppassword ERROR 4150 (HY000): User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES' Please describe in more detail what you do and how exactly it doesn't work.

People

Assignee:: Unassigned

Reporter:: Ayshkanta

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2019-11-06 17:52

Updated:: 2019-12-24 08:26

Resolved:: 2019-12-24 08:26

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.