Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-6385

MariaDB Galera Authentication between nodes and SST

    XMLWordPrintable

Details

    Description

      Considering authentication requirements between MariaDB Galera Nodes, we would like to suggest several changes to be mate within MariaDB Galera Cluster:
      1) Authentication methods should be implemented between MariaDB Galera cluster nodes based either on Kerberos/AD/LDAP. The reason behind this requirement is that in current implementation there is a possibility to attach any node to the cluster with full dump of data inside the database and future access to this data by changing credentials in database.
      2) SST methods based on xtrabackup require login/password of user having access to database be written in a plain-text format. We would like to suggest modifying this section to either save credential in encrypted format, or adding Kerberos authentication.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-4691 Kerberize MariaDB -- add Kerberos authentication support to MariaDB

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Task - A task that needs to be done. MDEV-27246 Implement a method to add IPs to allowlist for Galera Cluster node addresses that can make SST/IST requests

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              KennethDyer Kenneth Dyer (Inactive)
              trofimal Aleksej Trofimov
              Votes:
              4 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.