[MDEV-20997] max_password_errors not working Created: 2019-11-06  Updated: 2019-12-24  Resolved: 2019-12-24

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.4.6
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Ayshkanta Assignee: Unassigned
Resolution: Incomplete Votes: 0
Labels: need_feedback


 Description   

We have a requirement to block a user after maximum permitted number of failed connection.

We use max_password_errors Variable but it doesn't seem to take affect. The version of Mariadb we have is Server version: 10.4.6-MariaDB MariaDB Server.

We set this variable in /etc/my.cnf.d/server.cnf file under mariadb section.

  1. This group is only read by MariaDB servers, not by MySQL.
  2. If you use the same .cnf file for MySQL and MariaDB,
  3. you can put MariaDB-only options here
    [mariadb]
    max_password_errors=2

Packages we installed are as below:

rpm -qa|grep -i maria
MariaDB-compat-10.4.6-1.el7.centos.x86_64
MariaDB-cracklib-password-check-10.4.6-1.el7.centos.x86_64
MariaDB-devel-10.4.6-1.el7.centos.x86_64
MariaDB-client-10.4.6-1.el7.centos.x86_64
MariaDB-cracklib-password-check-debuginfo-10.4.6-1.el7.centos.x86_64
MariaDB-common-10.4.6-1.el7.centos.x86_64
MariaDB-server-10.4.6-1.el7.centos.x86_64
galera-4-26.4.2-1.rhel7.el7.centos.x86_64

 Comments   
Comment by Ayshkanta [ 2019-11-08 ]

Can we know if the variable is really working or not. if yes then where is the error at our end.

Comment by Elena Stepanova [ 2019-11-18 ]

It seems to be working for me:

MariaDB [test]> select @@version;
 
+----------------+
 
| @@version      |
 
+----------------+
 
| 10.4.6-MariaDB |
 
+----------------+
 
1 row in set (0.000 sec)
 
 
 
MariaDB [test]> select @@max_password_errors;
 
+-----------------------+
 
| @@max_password_errors |
 
+-----------------------+
 
|                     2 |
 
+-----------------------+
 
1 row in set (0.000 sec)
 
 
 
MariaDB [test]> create user foo@localhost identified by 'password';
 
Query OK, 0 rows affected (0.019 sec)
 
 
 
MariaDB [test]> exit
 
 
 
$ mysql -ufoo -pbar
 
ERROR 1045 (28000): Access denied for user 'foo'@'localhost' (using password: YES)
 
$ mysql -ufoo -pbar
 
ERROR 1045 (28000): Access denied for user 'foo'@'localhost' (using password: YES)
 
$ mysql -ufoo -ppassword
 
ERROR 4150 (HY000): User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'

Please describe in more detail what you do and how exactly it doesn't work.

Generated at Thu Feb 08 09:03:49 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.