Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-38896

When using multiple authenticators with OR-logic, first try the authenticator client requests in the handhake response

    XMLWordPrintable

Details

    Description

      https://mariadb.com/docs/server/reference/sql-statements/account-management-sql-statements/create-user#authentication-options says:

      If more than one authentication mechanism is declared using the OR keyword, the mechanisms are attempted in the order they are declared in the CREATE USER statement. As soon as one of the authentication mechanisms is successful, authentication is complete.

      This leads to an unoptimal situation (assuming user account uses authenticators A and B in that order): Client gives password for authenticator B and asks for B in handshake response, yet server tries authenticator A first. Only once it fails, does the server switch to B.

      Server could try B first, assuming plugin B is loaded and the user account uses it.

      Attachments

        Issue Links

          is blocked by

          New Feature - A new feature of the product, which has yet to be developed. MDEV-12320 configurable default authentication plugin for the server

          • Critical - Crashes, loss of data, severe memory leak.
          • Stalled

          Activity

            People

              serg Sergei Golubchik
              esa.korhonen Esa Korhonen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.