Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Cannot Reproduce
-
None
-
None
Description
We are facing issues in user authentication in client server communication via Maxscale on s390x.
- Connection via Maxscale with the user with password - Authentication fails : Access is denied.
- Connection via Maxscale with the user with no password set - Connection is successful.
More details as below,we have a container with IPs as follows:
MaxScale 172.17.0.4
Master 172.17.0.8
Client 172.17.0.10
Slave 172.17.0.9
User With Password:
On Master server below are the users with their privileges:
MariaDB [(none)]> SELECT User, Host, Password FROM mysql.user;
--------------------- ----------------------------------------
| User | Host | Password -------- |
| root | localhost | |
| repl | 172.17.0.9 | *A424E797037BF97C19A2E88CF7891C5C2038C039 |
| maxuser | 172.17.0.4 | *5EDBD32E469DAE0CE10E6999C3899DEFCB9F12E0 |
| maxuser | 172.17.0.10 | *5EDBD32E469DAE0CE10E6999C3899DEFCB9F12E0 |
-------------------------------------------------------------
4 rows in set (0.00 sec)
MariaDB [(none)]> show grants for 'maxuser'@'172.17.0.4';
--------------------------------------------------------------------------------------------------------------------------
| Grants for maxuser@172.17.0.4 |
--------------------------------------------------------------------------------------------------------------------------
| GRANT ALL PRIVILEGES ON . TO 'maxuser'@'172.17.0.4' IDENTIFIED BY PASSWORD '*5EDBD32E469DAE0CE10E6999C3899DEFCB9F12E0' |
--------------------------------------------------------------------------------------------------------------------------
1 row in set (0.00 sec)
MariaDB [(none)]> show grants for 'maxuser'@'172.17.0.10';
---------------------------------------------------------------------------------------------------------------------------
| Grants for maxuser@172.17.0.10 |
---------------------------------------------------------------------------------------------------------------------------
| GRANT ALL PRIVILEGES ON . TO 'maxuser'@'172.17.0.10' IDENTIFIED BY PASSWORD '*5EDBD32E469DAE0CE10E6999C3899DEFCB9F12E0' |
---------------------------------------------------------------------------------------------------------------------------
1 row in set (0.00 sec)
When we try to connect from client to mariadb master via maxscale we get the below error in red:
_ mysql -h 172.17.0.4 -u maxuser -p -P 4008 _
ERROR 1045 (28000): Access denied for user 'maxuser'@'172.17.0.10' (using password: YES)
Maxscale configuration is as below:
Maxscale.cnf
[maxscale]
threads=auto
log_info=true
[server1]
type=server
address=172.17.0.8
port=3306
protocol=MariaDBBackend
[server2]
type=server
address=172.17.0.9
port=3306
protocol=MariaDBBackend
[MariaDB-Monitor]
type=monitor
module=mariadbmon
servers=server1,server2
user=maxuser
passwd=maxpwd
monitor_interval=2000
[Read-Only-Service]
type=service
router=readconnroute
servers=server1,server2
user=maxuser
passwd=maxpwd
router_options=slave
[Read-Write-Service]
type=service
router=readwritesplit
servers=server1,server2
user=maxuser
passwd=maxpwd
[MaxAdmin-Service]
type=service
router=cli
[Read-Only-Listener]
type=listener
service=Read-Only-Service
protocol=MariaDBClient
port=4008
address=0.0.0.0
[Read-Write-Listener]
type=listener
service=Read-Write-Service
protocol=MariaDBClient
port=4006
address=0.0.0.0
[MaxAdmin-Listener]
type=listener
service=MaxAdmin-Service
protocol=maxscaled
socket=default
===================================================================================================================
User Without Password:
On master now we remove the password for the users with following command :
SET password for 'maxuser'@'172.17.0.4' = PASSWORD('') ;
SET password for 'maxuser'@'172.17.0.10' = PASSWORD('') ;
Users & privileges are as below:
MariaDB [(none)]> SELECT User, Host, Password FROM mysql.user;
-------------------------------------------------------------
| User | Host | Password |
-------------------------------------------------------------
| root | localhost | |
| repl | 172.17.0.9 | *A424E797037BF97C19A2E88CF7891C5C2038C039 |
| maxuser | 172.17.0.4 | |
| maxuser | 172.17.0.10 |
-------------------------------------------------------------
4 rows in set (0.00 sec)
MariaDB [(none)]> show grants for 'maxuser'@'172.17.0.10';
--------------------------------------------------------
| Grants for maxuser@172.17.0.10 |
--------------------------------------------------------
| GRANT ALL PRIVILEGES ON . TO 'maxuser'@'172.17.0.10' |
--------------------------------------------------------
1 row in set (0.00 sec)
MariaDB [(none)]> show grants for 'maxuser'@'172.17.0.4';
-------------------------------------------------------
| Grants for maxuser@172.17.0.4 |
-------------------------------------------------------
| GRANT ALL PRIVILEGES ON . TO 'maxuser'@'172.17.0.4' |
-------------------------------------------------------
1 row in set (0.00 sec)
When we try to connect to master from client via maxscale without password being set, the connection is successful.
mysql -h 172.17.0.4 -u maxuser -p -P 4008
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 10.0.0 2.2.1-maxscale
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
======================================================================
To double check on the grants of users we tried following commands :
From Maxscale:
mysql -h 172.17.0.8 -u maxuser -p -e "show grants"
From Client:
mysql -h 172.17.0.8 -u maxuser -p -e "show grants"
All permissions are granted for these users.
Maxscale.log doesn't show any errors for authentication except error : Failed to read journal file: Expected 671088640 bytes, read 40 bytes. PFA the maxscale log.
Please refer to https://groups.google.com/forum/#!topic/maxscale/X19k13cHBfA for further communication on this.
Please let us know if there are any pointers on this, what could be missing to get this work.