[MDEV-18268] Users identified via ed25519 are non-functional without password Created: 2019-01-16  Updated: 2020-05-11  Resolved: 2020-05-11

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System, Documentation, Plugins
Affects Version/s: 10.1, 10.2, 10.3, 10.4
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Ian Gilfillan
Resolution: Fixed Votes: 0
Labels: None


 Description   

Note: Possibly it's just a documentation problem; currently the plugin page doesn't say anything on the subject.

A user identified via ed25519 can be created without a password. It is accepted without errors or warnings:

MariaDB [test]> create user foo@localhost identified via ed25519;
Query OK, 0 rows affected (0.02 sec)
 
MariaDB [test]> select user, host, password, authentication_string from mysql.user where user = 'foo';
+------+-----------+----------+-----------------------+
| User | Host      | Password | authentication_string |
+------+-----------+----------+-----------------------+
| foo  | localhost |          |                       |
+------+-----------+----------+-----------------------+
1 row in set (0.00 sec)

However, such a user cannot connect:

$ bin/mysql --protocol=tcp --port=3308 -ufoo 
ERROR 1045 (28000): Access denied for user 'foo'@'localhost' (using password: NO)
 
$ bin/mysql --protocol=tcp --port=3308 -ufoo -p
Enter password: 
ERROR 1045 (28000): Access denied for user 'foo'@'localhost' (using password: NO)

In 10.4 it reports "using password: YES" instead of "using password: NO", but otherwise the result is the same.



 Comments   
Comment by Sergei Golubchik [ 2019-10-29 ]

Yes. The ed25519 plugin requires a password, unlike mysql_native_password, which allows no-password logins if an empty password was specified.
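
An audit query for the two cases contrasted above, added here as an example (it is not part of the original issue or of MariaDB's own code). It assumes read access to mysql.user and that an empty plugin column means the default mysql_native_password; the account name foo@localhost is taken from the description and the password literal is a constructed placeholder.

```sql
-- Added example: list accounts that have no stored credential and
-- show what that means for each authentication plugin.
SELECT user,
       host,
       plugin,
       CASE
         WHEN plugin = 'ed25519'
           THEN 'locked out: ed25519 rejects every login until a password is set'
         ELSE 'passwordless: login succeeds with an empty password'
       END AS effect
FROM mysql.user
WHERE authentication_string = ''
  AND password = ''
  -- Assumption: plugin = '' is treated as mysql_native_password.
  AND plugin IN ('ed25519', 'mysql_native_password', '')
ORDER BY plugin, user, host;

-- Making the account from the description usable.
-- MariaDB 10.4 and later: PASSWORD() hashes for the plugin named in
-- the statement. The literal below is a constructed placeholder.
ALTER USER foo@localhost
  IDENTIFIED VIA ed25519 USING PASSWORD('replace-with-a-real-secret');

-- MariaDB 10.1 to 10.3: compute the hash with the plugin's UDF, then
-- pass the resulting string to USING.
--   CREATE FUNCTION ed25519_password RETURNS STRING SONAME 'auth_ed25519.so';
--   SELECT ed25519_password('replace-with-a-real-secret');
--   ALTER USER foo@localhost
--     IDENTIFIED VIA ed25519 USING '<hash returned by the SELECT above>';
```

Rows reported as passwordless are the ones that matter for access control; rows reported as locked out explain "Access denied" errors like those shown in the description.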
