[MDEV-25641] max_password_errors not working with ed25519 auth plugin - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.5.8
Fix Version/s: 10.2.39, 10.3.30, 10.4.20, 10.5.11
Component/s: Authentication and Privilege System
Labels:
None
Environment:
redhat 7

Description

Found max_password_errors has no effect for user with ed25519 authentication plugin.

Below is an example of 2 users foo_native and foo_ed25519. foo_native account is being blocked after 2 consecutive wrong password as expected. But foo_ed25519 is not blocked after wrong password count more than max_password_errors (=2).

MariaDB [(none)]> select @@version;

+--------------------+

| @@version          |

+--------------------+

| 10.5.8-MariaDB-log |

+--------------------+

1 row in set (0.000 sec)

MariaDB [(none)]> select @@max_password_errors;

+-----------------------+

| @@max_password_errors |

+-----------------------+

|                     2 |

+-----------------------+

1 row in set (0.000 sec)

MariaDB [(none)]> create user foo_native@localhost identified by 'Abcd1234%' ;

Query OK, 0 rows affected (0.004 sec)

MariaDB [(none)]> create user foo_ed25519@localhost identified via ed25519 using password('Abcd1234%') ;

Query OK, 0 rows affected (0.004 sec)

MariaDB [(none)]> exit

Bye

[root@t1vuat-dbaas02 ~]#

[root@t1vuat-dbaas02 ~]#

[root@t1vuat-dbaas02 ~]#

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_native -pabc

ERROR 1045 (28000): Access denied for user 'foo_native'@'localhost' (using password: YES)

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_native -pabc

ERROR 1045 (28000): Access denied for user 'foo_native'@'localhost' (using password: YES)

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_native -pabc

ERROR 4150 (HY000): User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'

[root@t1vuat-dbaas02 ~]#

[root@t1vuat-dbaas02 ~]#

[root@t1vuat-dbaas02 ~]#

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc

ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc

ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc

ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc

ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc

ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc

ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc

ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)

[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc

ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)

Attachments

Activity

There are no comments yet on this issue.

People

Assignee:: Sergei Golubchik

Reporter:: William Wong

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021-05-10 12:24

Updated:: 2021-05-25 14:07

Resolved:: 2021-05-22 22:06

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server