Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.3.7
Fix Version/s: 2.4.1
Component/s: Authenticator
Labels: None
Sprint: MXS-SPRINT-84, MXS-SPRINT-85, MXS-SPRINT-86
Description
MySQLAuth was fixed to check role permissions in MXS-872. It looks like PAMAuth needs a similar fix. See here:
Let's say that you define a PAM user like this:
CREATE ROLE 'admin_role';
GRANT ALL PRIVILEGES ON *.* TO 'admin_role';
CREATE USER 'pamuser'@'%' IDENTIFIED VIA pam USING 'mariadb';
GRANT 'admin_role' TO 'pamuser'@'%';
SET DEFAULT ROLE 'admin_role' FOR 'pamuser'@'%';
Currently, MaxScale will not recognize the PAM user, because it assumes that it has no privileges. The MaxScale log will contain entries like this:
2019-06-04 10:07:03 notice : Service 'db-service-pam' started (3/12)
2019-06-04 10:11:02 notice : Loaded 0 users for service db-service-pam
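
As an added diagnostic example (not part of the original report, and not MaxScale's own user-loading query), this MariaDB query lists PAM accounts like the one above: accounts with no global privileges of their own whose privileges come only from a granted default role. It assumes the standard `mysql.user` and `mysql.roles_mapping` tables and uses `Select_priv` as a stand-in for "has global privileges".

```sql
-- Added example: find PAM accounts that only have privileges through their
-- default role. An account listed here looks unprivileged if only its own
-- row in mysql.user is inspected.
SELECT u.User          AS pam_user,
       u.Host          AS pam_host,
       u.default_role  AS default_role,
       u.Select_priv   AS own_select_priv,   -- 'N': nothing granted directly
       r.Select_priv   AS role_select_priv   -- 'Y': granted through the role
FROM mysql.user AS u
-- The role must actually be granted to the account, not just named as default.
JOIN mysql.roles_mapping AS m
  ON m.User = u.User
 AND m.Host = u.Host
 AND m.Role = u.default_role
-- Roles are stored as rows in mysql.user with is_role = 'Y'.
JOIN mysql.user AS r
  ON r.User = u.default_role
 AND r.is_role = 'Y'
WHERE u.plugin = 'pam'
  AND u.is_role = 'N'
  AND u.default_role <> ''
  AND u.Select_priv = 'N'
  AND r.Select_priv = 'Y'
ORDER BY u.User, u.Host;
```

With the account definitions from the description, `'pamuser'@'%'` with `admin_role` would be returned by this query.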