connection settings.png
|
Relates |
|||
| relates to |
|
include dialog_examples.so in mariadb... | Closed |
[CONJ-164] Java client library does not support 'dialog' plugin. Created: 2015-06-29 Updated: 2016-05-23 Resolved: 2016-05-23 |
|
| Status: | Closed |
| Project: | MariaDB Connector/J |
| Component/s: | Other |
| Affects Version/s: | 1.1.9 |
| Fix Version/s: | 1.4.0 |
| Type: | Bug | Priority: | Major |
| Reporter: | Eric Burgueno | Assignee: | Diego Dupin |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None | ||
| Environment: |
On the Client: Windows 7 x64, Geneious, mariadb-java-client-1.1.9.jar |
||
| Attachments: |
connection settings.png
|
||||||||
| Issue Links: |
|
||||||||
| Description |
|
The java client library is unable to authenticate against a server using PAM authentication for the user. The error is:
This may or not be related to How to reproduce:
2. Create a database and user:
3. Attempt to connect from a client application using the java-client.jar library. In our case we are getting this error with Geneious, a genome annotation tool. |
| Comments |
| Comment by Daniel Black [ 2015-07-16 ] |
|
patch: https://github.com/MariaDB/mariadb-connector-j/pull/22 (branched from one critical bit is missing. The dialog will fill in the password if it matches the exact pam text however a callback is needed to fully implement the dialog client extension because PAM could ask for any number of things. I don't know enough about the global outer working of JDBC to be able to recommend this. Do we just launch a modal dialog if no callback is registered? |
| Comment by Diego Dupin [ 2015-07-16 ] |
|
I will check with the implementation of connector/c and ODBC. edit : to be more precise : 1 step auth is ok ... but to be done. (i will check the pull request you've submitted tomorrow daniel) |
| Comment by Daniel Black [ 2015-07-16 ] |
|
Just had fun merging in your HA/Failover commits The dialog prompts come directly from PAM as things for dialog ( https://github.com/MariaDB/server/blob/10.1/plugin/auth_pam/auth_pam.c#L73 ) so I don't easy an easy way around this. If people grant interactive users I suspect its meant to be be used. Of course nothing prevents a callback from caching these prompts/values or the server rejecting those cached values. The c implementation does a prompt - https://github.com/MariaDB/mariadb-connector-c/blob/master/plugins/auth/dialog.c |
| Comment by Daniel Black [ 2015-07-17 ] |
|
Had a bit of a look. https://dev.mysql.com/doc/connector-j/en/connector-j-using-pam.html uses mysql_clear_password is what I assume the same way as I have. It doesn't seem to support the more complicated dialog that two_questions/three_attempts do in https://mariadb.com/kb/en/mariadb/development-pluggable-authentication/. Looking at https://dev.mysql.com/doc/connector-j/en/connector-j-reference-configuration-properties.html it has an semi api defined by defaultAuthenticationPlugin ( com.mysql.jdbc.authentication.MysqlNativePasswordPlugin) which might be the way to proceed with client authentication plugins. Seems defining factory classes as urls args is a consistent way to implement JDBC extensions so one could be defined for the dialog. Perhaps having a constructor of the URL and a getValue(boolean echo, String prompt) interface. |
| Comment by Diego Dupin [ 2016-05-23 ] |
|
PLUGIN authentication like "PAM authentication" has been implemented in 1.4.0. |
