Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2918

PAM authentication matches host name in IPv6-ish format

    XMLWordPrintable

Details

    • MXS-SPRINT-111

    Description

      This seems to be more a side effect from how the network stack is used by MaxScale than a defect, but since it is undocumented, likely deserves some attention.

      When using PAM with MaxScale, the latter looks up a MariaDB user with empty username, then compares the host, from which the client is connecting, to the host in MariaDB user's record.

      When only IPv4 is involved, if the MariaDB user is created as
      ''@'192.168.%'
      then MariaDB server will let the user log on via PAM, but MaxScale will not - because MaxScale looks up the IP address in an IPv6-is form, so the MariaDB user must be created as
      ''@'::ffff:192.168.%'
      in which case the host is matches properly and PAM authentication succeeds.

      While MaxScale prints an error message with this IPv6-ish format of the host when authentication fails, it may still be worth either putting this into the documentation or, even better, fixing MaxScale somehow to only use the true 32-bit IP address when IPv4 is involved.

      Attachments

        Activity

          People

            esa.korhonen Esa Korhonen
            assen.totin Assen Totin (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.