Details
-
Task
-
Status: Open (View Workflow)
-
Minor
-
Resolution: Unresolved
-
None
-
None
Description
I have setup MariaDB in Docker and trying to get it to work with GSSAPI. So far I can only get it to work by creating a user with the same username as my Windows user.
A custom Dockerfile is made to install the GSSAPI plugin like so:
FROM mariadb:10-jammy
|
 |
RUN apt update -y
|
RUN apt install mariadb-plugin-gssapi-server -y
|
Otherwise the plugin is missing in the Docker container.
If I create a new user with the same username it works:
CREATE USER MIDU IDENTIFIED VIA gssapi |
However trying to use the `AS` option with `SID` or `GROUP` does not work. I'll get an error like this:
GSSAPI name mismatch, requested 'SID:WD', actual name 'MIDU@EXAMPLE.LOCAL'
|
So it's as if it's not checking the group permissions for the user.
I've been following the guide at https://mariadb.com/kb/en/authentication-plugin-gssapi
And testing have been done both in HeidiSQL and tried creating some demo code with the ODBC driver - both get the same errors.
Creating the everyone user as defined in the original issue (MDEV-23959) does not work either, but I've also tried my own combination of SID of group and group name without luck.
Neither of these work:
CREATE USER MIDU IDENTIFIED VIA gssapi as 'SID:S-1-5-21-3285602104-3108630777-907688344-10270' |
CREATE USER MIDU IDENTIFIED VIA gssapi as 'GROUP:Database-MariaDB-Admin' |
CREATE USER MIDU IDENTIFIED VIA gssapi as 'GROUP:example.local\\Database-MariaDB-Admin' |
Using another username for the MariaDB user doesn't change things either.