Details
-
New Feature
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Fixed
-
None
-
None
-
MXS-SPRINT-183
Description
For a more seamless password changing procedure it would be nice to be able to temporarily set two passwords for a server, so that you could do:
- configure 2nd password on maxscale side
- change password on server side
- remove old password and make new one the standard one on maxscale side
This way maxscale config change would not need to be perfectly synced with the password change on the server side, maxscale could continue to try the old password first, and the new one on failure of the old one, or vice versa, or always try the one that succeeded on the previous attempt so that only one login failure due to wrong password would happen.
Especially when having multiple maxscale instances there might be a significant time window for the complete password change rollout, and this way we could guarantee that it would still work without any outages.
Attachments
Issue Links
- relates to
-
-
- Closed
-
Activity
This functionality is provided so that MaxScale will remember the previous password (not persistently, but at runtime) and if authentication using the current password fails, it will retry using the previous password, if one is present. Consequently, the procedure for changing the password will simply involve the following steps
- Change the password on maxscale side.
- Change the password on server side.
in that order.
The documentation is available here: https://github.com/mariadb-corporation/MaxScale/blob/develop/Documentation/Getting-Started/Configuration-Guide.md#user-and-password
Instead of having multiple explicit passwords, just storing the latest working password in memory might work. This also ties in with
MXS-3166that would prevent the password from being changed if a connection could not be made with it.