Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-23729

INFORMATION_SCHEMA Table info. about user locked due to max_password_errors

Details

    Description

      Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

      https://mariadb.com/kb/en/server-system-variables/#max_password_errors

      One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

      Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?

      Attachments

        Issue Links

          includes

          New Feature - A new feature of the product, which has yet to be developed. MDEV-32218 message to notify end-user N-days prior the password get expired

          • Major - Major loss of function.
          • Closed
          is caused by

          Task - A task that needs to be done. MDEV-7598 Block user accounts after failed login attempts

          • Major - Major loss of function.
          • Closed
          relates to

          New Feature - A new feature of the product, which has yet to be developed. MDEV-27205 MariaDB user last login time details at DB level

          • Critical - Crashes, loss of data, severe memory leak.
          • Stalled

          Task - A task that needs to be done. MDEV-30045 settable message to notify end-user N-days prior the password get expired

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-31186 Provide information about a user via an information schema table

          • Major - Major loss of function.
          • Open

          New Feature - A new feature of the product, which has yet to be developed. MDEV-32649 Add INFORMATION_SCHEMA Table with user related details

          • Major - Major loss of function.
          • Open

          New Feature - A new feature of the product, which has yet to be developed. MDEV-29209 Implement connection response delay after a number of failed login attempts

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Stalled

          New Feature - A new feature of the product, which has yet to be developed. MDEV-32218 message to notify end-user N-days prior the password get expired

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            suresh.ramagiri@mariadb.com suresh ramagiri created issue -
            serg Sergei Golubchik made changes -
            Field Original Value New Value
            Assignee Ralf Gebhardt [ ralf.gebhardt@mariadb.com ]
            serg Sergei Golubchik made changes -
            Fix Version/s 10.7 [ 24805 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Assignee Ralf Gebhardt [ ralf.gebhardt@mariadb.com ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Fix Version/s 10.7 [ 24805 ]
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 113468 ] MariaDB v4 [ 131367 ]
            AirFocus AirFocus made changes -
            Description Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?
            		Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?
            ralf.gebhardt Ralf Gebhardt made changes -
            Description Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?             		Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?

            UPDATE:
            The feature request is to have a table like "blocked_accounts" in the information schema which stores all currently blocked (and maybe also locked) accounts and an information why they are blocked. Possible reasons are:
            ralf.gebhardt Ralf Gebhardt made changes -
            Description Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?

            UPDATE:
            The feature request is to have a table like "blocked_accounts" in the information schema which stores all currently blocked (and maybe also locked) accounts and an information why they are blocked. Possible reasons are:             		Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?

            UPDATE:
            The feature request is to have a table like "blocked_accounts" in the information schema which stores all currently blocked (and maybe also locked) accounts and an information why they are blocked. Possible reasons are:
            * max-password-errors reached
            * max_connect_errors reached
            * MAX_CONNECTIONS_PER_HOUR reached (ER_USER_LIMIT_REACHED)
            * MAX_USER_CONNECTIONS (ER_TOO_MANY_USER_CONNECTIONS)
            * password expired
            * account locked
            * secure_auth set => mysql_old_password is used

            The table content should only be accessible for a user with privilege CONNECTION ADMIN
            ralf.gebhardt Ralf Gebhardt made changes -
            Summary max_password_errors - Users blocked due to wrong password information at DB level Information Schema Table for blocked accounts
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            pramod.mahto@mariadb.com Pramod Mahto made changes -
            Summary Information Schema Table for blocked accounts mysql.global_priv Table should have info. about user locked due to max_password_errors
            pramod.mahto@mariadb.com Pramod Mahto made changes -
            Description Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?

            UPDATE:
            The feature request is to have a table like "blocked_accounts" in the information schema which stores all currently blocked (and maybe also locked) accounts and an information why they are blocked. Possible reasons are:
            * max-password-errors reached
            * max_connect_errors reached
            * MAX_CONNECTIONS_PER_HOUR reached (ER_USER_LIMIT_REACHED)
            * MAX_USER_CONNECTIONS (ER_TOO_MANY_USER_CONNECTIONS)
            * password expired
            * account locked
            * secure_auth set => mysql_old_password is used

            The table content should only be accessible for a user with privilege CONNECTION ADMIN             		Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            https://mariadb.com/kb/en/server-system-variables/#max_password_errors

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?

            UPDATE:
            The feature request is to have a table like "blocked_accounts" in the information schema which stores all currently blocked (and maybe also locked) accounts and an information why they are blocked. Possible reasons are:
            * max-password-errors reached
            * max_connect_errors reached
            * MAX_CONNECTIONS_PER_HOUR reached (ER_USER_LIMIT_REACHED)
            * MAX_USER_CONNECTIONS (ER_TOO_MANY_USER_CONNECTIONS)
            * password expired
            * account locked
            * secure_auth set => mysql_old_password is used

            The table content should only be accessible for a user with privilege CONNECTION ADMIN
            pramod.mahto@mariadb.com Pramod Mahto made changes -
            Summary mysql.global_priv Table should have info. about user locked due to max_password_errors INFORMATION_SCHEMA Table info. about user locked due to max_password_errors
            ralf.gebhardt Ralf Gebhardt made changes -
            ralf.gebhardt Ralf Gebhardt made changes -
            Description Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            https://mariadb.com/kb/en/server-system-variables/#max_password_errors

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?

            UPDATE:
            The feature request is to have a table like "blocked_accounts" in the information schema which stores all currently blocked (and maybe also locked) accounts and an information why they are blocked. Possible reasons are:
            * max-password-errors reached
            * max_connect_errors reached
            * MAX_CONNECTIONS_PER_HOUR reached (ER_USER_LIMIT_REACHED)
            * MAX_USER_CONNECTIONS (ER_TOO_MANY_USER_CONNECTIONS)
            * password expired
            * account locked
            * secure_auth set => mysql_old_password is used

            The table content should only be accessible for a user with privilege CONNECTION ADMIN             		Currently with the max_password_errors configured, we don't really see any tables having a flag about the blocked user account due to this reason. (i.e., user blocked with the max attempt of trying to connect db with wrong password).

            https://mariadb.com/kb/en/server-system-variables/#max_password_errors

            One of our customers seems like in requirement of getting the list of blocked users, due to wrong password attempts.

            Like for the "Account Locking", whenever a user is locked, will have "account_lock:false or true" in JSON object of the table "mysql.global_priv table", can we implement the similar type of info available for the blocked users for the max_password_errors case?

            serg Sergei Golubchik made changes -
            Assignee Nikita Malyavin [ nikitamalyavin ]
            serg Sergei Golubchik made changes -
            Fix Version/s 11.4 [ 29301 ]
            serg Sergei Golubchik made changes -
            Priority Major [ 3 ] Critical [ 2 ]
            julien.fritsch Julien Fritsch made changes -
            Issue Type Task [ 3 ] New Feature [ 2 ]
            nikitamalyavin Nikita Malyavin made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            serg Sergei Golubchik made changes -
            nikitamalyavin Nikita Malyavin made changes -
            Status In Progress [ 3 ] Stalled [ 10000 ]
            serg Sergei Golubchik made changes -
            Fix Version/s 11.5 [ 29506 ]
            Fix Version/s 11.4 [ 29301 ]
            nikitamalyavin Nikita Malyavin made changes -
            Status Stalled [ 10000 ] In Progress [ 3 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            nikitamalyavin Nikita Malyavin made changes -
            Assignee Nikita Malyavin [ nikitamalyavin ] Debarun Banerjee [ JIRAUSER54513 ]
            Status In Progress [ 3 ] In Review [ 10002 ]
            nikitamalyavin Nikita Malyavin made changes -
            Assignee Debarun Banerjee [ JIRAUSER54513 ] Nikita Malyavin [ nikitamalyavin ]
            nikitamalyavin Nikita Malyavin made changes -
            Status In Review [ 10002 ] Stalled [ 10000 ]
            nikitamalyavin Nikita Malyavin made changes -
            Comment [ The fix looks good to me. I have left some notes on the improvements to the tests, that are required for pushing. ]
            nikitamalyavin Nikita Malyavin made changes -
            Status Stalled [ 10000 ] In Progress [ 3 ]
            nikitamalyavin Nikita Malyavin made changes -
            Assignee Nikita Malyavin [ nikitamalyavin ] Sergei Golubchik [ serg ]
            Status In Progress [ 3 ] In Review [ 10002 ]
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            Assignee Sergei Golubchik [ serg ] Nikita Malyavin [ nikitamalyavin ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            serg Sergei Golubchik made changes -
            Status Stalled [ 10000 ] In Testing [ 10301 ]
            serg Sergei Golubchik made changes -
            Assignee Nikita Malyavin [ nikitamalyavin ] Elena Stepanova [ elenst ]
            elenst Elena Stepanova made changes -
            Assignee Elena Stepanova [ elenst ] Alice Sherepa [ alice ]
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            ralf.gebhardt Ralf Gebhardt made changes -
            Labels Preview_11.5
            alice Alice Sherepa made changes -
            Assignee Alice Sherepa [ alice ] Nikita Malyavin [ nikitamalyavin ]
            Status In Testing [ 10301 ] Stalled [ 10000 ]
            serg Sergei Golubchik made changes -
            Component/s Authentication and Privilege System [ 13101 ]
            Fix Version/s 11.5.1 [ 29634 ]
            Fix Version/s 11.5 [ 29506 ]
            Resolution Fixed [ 1 ]
            Status Stalled [ 10000 ] Closed [ 6 ]
            mariadb-jira-automation Jira Automation (IT) made changes -
            Zendesk Related Tickets 201619 119904 153403
            Zendesk active tickets 201619
            mariadb-jira-automation Jira Automation (IT) made changes -
            Zendesk active tickets 201619 CS0001 201619
            ralf.gebhardt Ralf Gebhardt made changes -

            People

              nikitamalyavin Nikita Malyavin
              suresh.ramagiri@mariadb.com suresh ramagiri
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.