Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-25641

max_password_errors not working with ed25519 auth plugin

    XMLWordPrintable

    Details

      Description

      Found max_password_errors has no effect for user with ed25519 authentication plugin.

      Below is an example of 2 users foo_native and foo_ed25519. foo_native account is being blocked after 2 consecutive wrong password as expected. But foo_ed25519 is not blocked after wrong password count more than max_password_errors (=2).

      MariaDB [(none)]> select @@version;
      +--------------------+
      | @@version          |
      +--------------------+
      | 10.5.8-MariaDB-log |
      +--------------------+
      1 row in set (0.000 sec)
       
      MariaDB [(none)]> select @@max_password_errors;
      +-----------------------+
      | @@max_password_errors |
      +-----------------------+
      |                     2 |
      +-----------------------+
      1 row in set (0.000 sec)
       
      MariaDB [(none)]> create user foo_native@localhost identified by 'Abcd1234%' ;
      Query OK, 0 rows affected (0.004 sec)
       
      MariaDB [(none)]> create user foo_ed25519@localhost identified via ed25519 using password('Abcd1234%') ;
      Query OK, 0 rows affected (0.004 sec)
       
      MariaDB [(none)]> exit
      Bye
      [root@t1vuat-dbaas02 ~]#
      [root@t1vuat-dbaas02 ~]#
      [root@t1vuat-dbaas02 ~]#
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_native -pabc
      ERROR 1045 (28000): Access denied for user 'foo_native'@'localhost' (using password: YES)
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_native -pabc
      ERROR 1045 (28000): Access denied for user 'foo_native'@'localhost' (using password: YES)
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_native -pabc
      ERROR 4150 (HY000): User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'
      [root@t1vuat-dbaas02 ~]#
      [root@t1vuat-dbaas02 ~]#
      [root@t1vuat-dbaas02 ~]#
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
      ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
      ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
      ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
      ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
      ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
      ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
      ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
      [root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
      ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
      

        Attachments

          Activity

            People

            Assignee:
            serg Sergei Golubchik
            Reporter:
            frelist William Wong
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration