Details
- New Feature
- Status: Closed
- Major
- Resolution: Duplicate
- 1.4.3
- None
Description
As MaxScale authentication is currently designed, the DBA must maintain 2 accounts for every user if you want to limit their access by IP instead of using a wildcard host: 1 account with truehost_ip and 1 account with the maxscale_ip.
Two issues I have with this:
1) Additional workload created for me as I have two accounts for every user.
2) The passwords for these accounts must be the same.
This is a problem when the user wants to change their own password.
When I create a new user, I generate a random password and then advise the user to change it using (SET PASSWORD = password_option).
I don't want to know their password. In this situation, this command will only update the password for the maxscale_ip account, since that is how their session is connected.
I will have to either give them permission and explain why they will also need to execute SET PASSWORD FOR '<user>'@'truehost_ip' = password_option, or they must tell me their new password and I have to set it myself.
On the other hand, using wildcards is an unneeded and in some cases unacceptable security "loosening".
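
The situation described above, as an added example that is not part of the original report: the paired accounts, the password change that touches only one of them, and a DBA-side query that finds users whose host entries have drifted apart. The user name, both IP addresses and the passwords are constructed placeholders, and the check assumes `mysql_native_password` hashes stored in the `Password` column of `mysql.user`.

```sql
-- Constructed placeholders: 'alice', 192.0.2.10 (the client's true host),
-- 192.0.2.50 (the MaxScale host).
-- The pair of accounts the DBA has to keep for one user, same initial password.
CREATE USER 'alice'@'192.0.2.10' IDENTIFIED BY 'initial-random-password';
CREATE USER 'alice'@'192.0.2.50' IDENTIFIED BY 'initial-random-password';

-- Run by alice in a session that reached the server through MaxScale.
-- The server matched the session to 'alice'@'192.0.2.50', so SET PASSWORD
-- without a FOR clause changes only that row.
SELECT CURRENT_USER();
SET PASSWORD = PASSWORD('new-secret');

-- DBA check: users with more than one host entry whose password hashes differ.
-- Assumption: the hash is in mysql.user.Password; on servers that keep it in
-- authentication_string, substitute that column.
SELECT User,
       COUNT(*)                         AS host_entries,
       COUNT(DISTINCT Password)         AS distinct_hashes,
       GROUP_CONCAT(Host ORDER BY Host) AS hosts
FROM mysql.user
GROUP BY User
HAVING COUNT(*) > 1
   AND COUNT(DISTINCT Password) > 1;
```

The final query compares hashes only, so the DBA can spot a mismatch without learning any user's password.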