Details
- New Feature
- Status: Closed
- Critical
- Resolution: Fixed
Description
Most advanced SST methods happen to require a dedicated database user
account with certain privileges to access the server during the SST
process on the donor node. Previously that user account had to be
created manually before any SST could take place, and its authentication
credentials had to be manually entered into the configuration file and
stored there in clear text indefinitely, to be accessed by the SST
script when needed.
A much less error-prone and more secure approach is to automatically
create such a user account just for the SST and delete it afterwards. The
account credentials can be passed directly to the SST script. Besides better
security and simpler node configuration, this also solves the problem of
SST user privilege evolution: the required privileges may change with
a new server release, and automatic account generation will always
create the user with the right privileges.
Issue Links
- duplicates
  - MDEV-16009 mariabackup SST requires clear text password in xtrabackup.cnf (Open)
- relates to
  - MDEV-16009 mariabackup SST requires clear text password in xtrabackup.cnf (Open)
  - MDEV-19949 mariabackup option of '--password' or '-p' without specifying password in commandline (Closed)
  - MDEV-20757 wsrep_ss_auth password encryption (Open)
  - MDEV-25321 mariabackup failed if password is passed via environment variable (Closed)
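
As an added example (not part of this issue or of the MariaDB commits linked from it), the following Python check scans option-file text for clear-text SST credentials of the kind the description says previously had to be stored in the configuration file. The set of sections whose `password` key is flagged is an assumption, and the sample file is constructed.

```python
import re

# Option-file sections whose "password" key is treated as a backup/SST
# credential. This set is an assumption; extend it for your deployment.
BACKUP_SECTIONS = {"xtrabackup", "mariabackup"}

def find_cleartext_sst_credentials(text):
    """Return (line_no, section, key) for each clear-text SST credential.

    The secret itself is never included in a finding, so the report can be
    logged or attached to a ticket safely.
    """
    findings = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            section = header.group(1).lower()
            continue
        key, _, value = line.partition("=")
        # Option files accept '-' and '_' interchangeably in option names.
        key = key.strip().lower().replace("-", "_")
        value = value.strip().strip("'\"")
        if key == "wsrep_sst_auth":
            # Value format is user:password; flag only a non-empty password.
            _user, _, password = value.partition(":")
            if password:
                findings.append((line_no, section, key))
        elif key == "password" and section in BACKUP_SECTIONS and value:
            findings.append((line_no, section, key))
    return findings

# Constructed sample option file, not taken from a real node.
SAMPLE = """\
# node configuration (constructed)
[mysqld]
wsrep_sst_method = mariabackup
wsrep-sst-auth = sstuser:S3cretValue
[xtrabackup]
user = sstuser
password = "S3cretValue"
[client]
password = other
[mariabackup]
password =
"""

if __name__ == "__main__":
    for line_no, section, key in find_cleartext_sst_credentials(SAMPLE):
        print(f"line {line_no}: [{section}] {key} holds a clear-text password")
```
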
Merged with the head revision:
https://github.com/MariaDB/server/commit/203d337a5533662111cc86505d19cda98b352d06 (prerequisite)
https://github.com/MariaDB/server/commit/d9f910bfe9ec3997a3b9e593e2f47ec5a4f80271
https://github.com/MariaDB/server/commit/1aa1a7cf6459e95adc18717cd69fbdde1dcaf7f0
https://github.com/MariaDB/server/commit/a1e5a284fc009ce0a0e66f199d45cc2f4f705c30
https://github.com/MariaDB/server/commit/2ba1a8b878b7549749cee4dc109d7d4c3e66d36a
https://github.com/MariaDB/server/commit/29e9ade269d803b6823ec57808e0b7fad28baf9e