[MDEV-12834] mysql_secure_installation should ask about unix_socket authentication Created: 2017-05-17  Updated: 2020-08-25  Resolved: 2019-02-12

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System, Plugin - unix_socket, Scripts & Clients
Fix Version/s: 10.4.3

Type: Task Priority: Critical
Reporter: Geoff Montee (Inactive) Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: authentication, mysql_secure_installation, unix_socket

Issue Links:
Relates
relates to MDEV-12484 Enable unix socket authentication by ... Closed

 Description   

As part of MDEV-12484, it might be worth changing mysql_secure_installation to ask the user if they want to configure 'root'@'localhost' to use unix_socket authentication. If the user answers 'yes', then the tool should probably not also set a password for that user account.



 Comments   
Comment by Daniel Black [ 2017-05-17 ]

Why should a less secure password option be given to the user? After all, unix socket ties the authentication of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access.

Comment by Geoff Montee (Inactive) [ 2017-05-17 ]

Hi danblack,

Why should a less secure password option be given to the user? After all, unix socket ties the authentication of the root db user directly to the most privileged Unix user rather than a password that can be shared or lost. Users can create another user for super access.

I don't entirely follow what you mean. Right now, mysql_secure_installation asks the user if they would like to set a password for the root@localhost account. I am suggesting that it should ask the user if they would like to make the root@localhost account use unix_socket authentication instead of a password. As far as I can tell, this seems to be the opposite of what you think this issue means (i.e. "a less secure password option"). Are you suggesting that you think unix_socket authentication is less secure than a password?

If I misunderstood something, please feel free to clarify.

Comment by Daniel Black [ 2017-12-18 ]

Looking back, I'm fairly sure I misunderstood completely. Sorry.
