[CONC-25] support for mysql cleartext plugin Created: 2013-04-26 Updated: 2016-01-27 Resolved: 2014-12-18 |
|
| Status: | Closed |
| Project: | MariaDB Connector/C |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 2.1 |
| Type: | Bug | Priority: | Major |
| Reporter: | Janani SriGuha | Assignee: | Georg Richter |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||||||
| Description |
|
MySQL has a client side plugin to prevent password hashing. This is required when using PAM authentication. From the documentation - Is there something similar in MariaDB. Using the same option gives an error. |
| Comments |
| Comment by Sergei Golubchik [ 2013-04-26 ] |
|
MariaDB has MySQL's "cleartext" plugin, but we don't use it. This plugin is only used by the MySQL closed source PAM plugin. That plugin has incomplete PAM implementation, that only allows pam modules to ask for a password. Our PAM plugin uses "dialog" plugin, and implements PAM fully, supporting any number of arbitrary prompts and questions. See https://kb.askmonty.org/en/pam-authentication-plugin/ and http://blog.mariadb.org/security-with-two-step-verification/ |
| Comment by Sergei Golubchik [ 2013-06-11 ] |
|
let's still add a constant to the library, so that other clients wouldn't get an error by using it. |
| Comment by Janani SriGuha [ 2013-06-17 ] |
|
Will the constant just be a dummy value to prevent compilation errors? |
| Comment by Sergei Golubchik [ 2013-06-17 ] |
|
yes. there will be no filter on plugin names. a cleartext plugin will be loaded if it is available and the server has requested it, independently from this option settings. |
| Comment by Georg Richter [ 2014-12-18 ] |
|
Fixed in rev. 183 |