[MDEV-35179] Add multi-plugin authentication - Jira

XML

Word

Printable

Details

Type: New Feature
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Fix Version/s: N/A
Component/s: Authentication and Privilege System
Labels:
None

Description

MariaDB already implements a mechanism that allows multiple plugins to be defined for a user that can all be used to authenticate the user (logical OR). Extending the syntax to allow multiple required authentication plugins would make it compatible with MySQL (logical AND).

Given plugins foo, bar, baz the following is possible:

CREATE USER markus IDENTIFIED VIA foo OR bar OR baz;

The request is to implement:

CREATE USER markus IDENTIFIED VIA foo AND bar AND baz;

MySQL implements this in a more fixed manner where there can be up to three mechanisms. Extending the MariaDB system to support both AND and OR would make it more versatile:

CREATE USER markus IDENTIFIED VIA mysql_native_password AS PASSWORD('my-password') AND pam OR unix_socket;

The example above would identify the user via mysql_native_password as well as pam or if it's a local connection, only via the unix_socket plugin.

Attachments

Issue Links

blocks

MXS-5334 Support MySQL multi-factor authentication (logical AND)

Open

duplicates

MDEV-33387 Require Multiple Authentication Plugins Concurrently - MFA

Open

Activity

People

Assignee:: Unassigned

Reporter:: markus makela

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2024-10-16 13:14

Updated:: 2024-10-17 05:26

Resolved:: 2024-10-16 15:25

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.