Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Won't Fix
-
10.11
-
None
Description
See e.g https://stackoverflow.com/questions/76520710/authentication-plugin-auth-gssapi-client-cannot-be-loaded or https://stackoverflow.com/questions/77266689/sqlx-unknown-authentication-plugin-auth-gssapi-client-mariadb
Since 10.11 (MDEV-26715), root user can connect using gssapi, e.g if password not provided.
GSSAPI is not supported by non-MariaDB Connectors, with one notable exception of community .NET connector (https://mysqlconnector.net ) . This is not a big deal, as we do not expect 3rd party application to use "root" user in applications, and even if they do, with correct password it would work.
However trying to connect if the user does not exist , and MariaDB "faking" logic copies a root user, that runs authentication sequence, and ends up with "auth_gssapi is not supported".
This
- confuses people every time they see it, because they know they have not created gssapi users. There is, for example a claim that mariadb is using different default authentication plugin https://onezeronull.com/2023/10/23/authentication-method-unknown-to-the-client/ (it does not)
- Is, with a high probability, a giveaway for "user does not exist" condition, exactly what faking user logic was aimed to fix
Perhaps, existing logic should be changed, so predefined users e.g "root" are not used to fake a non-existing user.
Attachments
Issue Links
- relates to
-
MDEV-26715 Windows - passwordless login for mariadb root user, for OS admin users
-
- Closed
-