Details
-
New Feature
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
2.2.21, 2.3.7
-
None
Description
Currently MaxScale caches user credentials causing a (known) situation where after a password is changed on a back-end server, MaxScale successfully authenticates the user with the locally cached old password, and then fails to route the query due to the changed credentials on the back end.
We already have users_refresh_time, which limits how often locally cached user credentials can be re-checked when they fail authentication.
A similar parameter, something like local_password_age, could define a time-limit for how long a user credential will be held in the local cache, evicting the credential after the time runs out. This could be set aggressively in sensitive environments, so that if a user credential were changed on the back-end, this change would be reflected quickly in MaxScale.
Attachments
Issue Links
- relates to
-
MXS-2554 Users are not automatically refreshed
- Closed