Details
Blocker Description
Failed "ALTER USER/GRANT" statement removes the password from cache. We need to forcefully flush privileges to reload the password in cache.
|
|
10.7.0-opt>INSTALL SONAME 'password_reuse_check';
|
Query OK, 0 rows affected (0.000 sec)
|
|
|
10.7.0-opt>show grants for test_user@localhost ;
|
+---------------------------------------------------------------------------------------------------------------------------+
|
| Grants for test_user@localhost |
|
+---------------------------------------------------------------------------------------------------------------------------+
|
| GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` IDENTIFIED BY PASSWORD '*66C77D72F32DC78E989434B9F9057B0C6D50464F' |
|
+---------------------------------------------------------------------------------------------------------------------------+
|
1 row in set (0.000 sec)
|
|
|
10.7.0-opt>ALTER USER test_user@localhost identified by 'dummypass';
|
ERROR 1396 (HY000): Operation ALTER USER failed for 'test_user'@'localhost'
|
10.7.0-opt>show grants for test_user@localhost ;
|
+--------------------------------------------------------+
|
| Grants for test_user@localhost |
|
+--------------------------------------------------------+
|
| GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` |
|
+--------------------------------------------------------+
|
1 row in set (0.000 sec)
|
|
|
10.7.0-opt>
|
$ ./bin/mysql -utest_user -S/test/mtest/MD160921-mariadb-10.7.0-linux-x86_64-opt/socket.sock -pdummypass
|
ERROR 1045 (28000): Access denied for user 'test_user'@'localhost' (using password: YES)
|
$
|
|
|
10.7.0-opt>show grants for test_user@localhost;
|
+---------------------------------------------------------------------------------------------------------------------------+
|
| Grants for test_user@localhost |
|
+---------------------------------------------------------------------------------------------------------------------------+
|
| GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` IDENTIFIED BY PASSWORD '*BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1' |
|
+---------------------------------------------------------------------------------------------------------------------------+
|
1 row in set (0.000 sec)
|
|
|
10.7.0-opt>grant all on *.* to test_user@localhost identified by 'Test@123';
|
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
|
10.7.0-opt>show grants for test_user@localhost;
|
+--------------------------------------------------------+
|
| Grants for test_user@localhost |
|
+--------------------------------------------------------+
|
| GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` |
|
+--------------------------------------------------------+
|
1 row in set (0.000 sec)
|
|
|
10.7.0-opt>
|
This issue is not present if we UNINSTALL password_reuse_check plugin
10.7.0-opt>UNINSTALL SONAME 'password_reuse_check';
|
Query OK, 0 rows affected (0.009 sec)
|
|
|
10.7.0-opt>
|
10.7.0-opt>show grants for test_user@localhost ;
|
+---------------------------------------------------------------------------------------------------------------------------+
|
| Grants for test_user@localhost |
|
+---------------------------------------------------------------------------------------------------------------------------+
|
| GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` IDENTIFIED BY PASSWORD '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29' |
|
+---------------------------------------------------------------------------------------------------------------------------+
|
1 row in set (0.000 sec)
|
|
|
10.7.0-opt>ALTER USER test_user@localhost identified by 'testpass';
|
Query OK, 0 rows affected (0.012 sec)
|
|
|
10.7.0-opt>show grants for test_user@localhost ;
|
+---------------------------------------------------------------------------------------------------------------------------+
|
| Grants for test_user@localhost |
|
+---------------------------------------------------------------------------------------------------------------------------+
|
| GRANT ALL PRIVILEGES ON *.* TO `test_user`@`localhost` IDENTIFIED BY PASSWORD '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29' |
|
+---------------------------------------------------------------------------------------------------------------------------+
|
1 row in set (0.000 sec)
|
|
|
10.7.0-opt>
|
Attachments
Issue Links
- duplicates
-
MDEV-26739 Login allowed after ERROR 1396
-
- Open
-
- is caused by
-
MDEV-9245 password "reuse prevention" validation plugin
-
- Closed
-