Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2527

Parameter to force locally-cached user credential expiration in sensitive environments.

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 2.2.21, 2.3.7
    • 2.5.0
    • Authenticator, Core
    • None

    Description

      Currently MaxScale caches user credentials causing a (known) situation where after a password is changed on a back-end server, MaxScale successfully authenticates the user with the locally cached old password, and then fails to route the query due to the changed credentials on the back end.

      We already have users_refresh_time, which limits how often locally cached user credentials can be re-checked when they fail authentication.

      A similar parameter, something like local_password_age, could define a time-limit for how long a user credential will be held in the local cache, evicting the credential after the time runs out. This could be set aggressively in sensitive environments, so that if a user credential were changed on the back-end, this change would be reflected quickly in MaxScale.

      Attachments

        Issue Links

          Activity

            People

              toddstoffel Todd Stoffel (Inactive)
              juan.vera Juan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.