[MDEV-25258] SET PASSWORD command fail with wsrep api Created: 2021-03-25  Updated: 2022-04-05  Resolved: 2021-04-28

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System, Galera
Affects Version/s: 10.3.28, 10.2, 10.3
Fix Version/s: 10.2.38, 10.3.29

Type: Bug Priority: Major
Reporter: Muhammad Irfan Assignee: Jan Lindström (Inactive)
Resolution: Fixed Votes: 0
Labels: galera


 Description   

When setting an account password on one node, it's not replicated because the other nodes refuse to apply a hashed password where the requirements cannot be checked.

Node1, where password changed.

Node1:
 
======
 
MariaDB [(none)]> SET PASSWORD FOR 'irfanpass'@'localhost' = PASSWORD('A$10abcdDCBA123456%7');
 
Query OK, 0 rows affected (0.016 sec)
 
 
 
MariaDB [(none)]>
 
MariaDB [(none)]> show grants for 'irfanpass'@'localhost';
 
+------------------------------------------------------------------------------------------------------------------+
 
| Grants for irfanpass@localhost |
 
+------------------------------------------------------------------------------------------------------------------+
 
| GRANT USAGE ON *.* TO `irfanpass`@`localhost` IDENTIFIED BY PASSWORD '*5846CF4D641598B360B3562E581586155C59F65A' |
 
+------------------------------------------------------------------------------------------------------------------+
 
1 row in set (0.000 sec)

And password not updated on rest of nodes in galera cluster.

MariaDB [(none)]> show grants for 'irfanpass'@'localhost';
 
+------------------------------------------------------------------------------------------------------------------+
 
| Grants for irfanpass@localhost                                                                                   |
 
+------------------------------------------------------------------------------------------------------------------+
 
| GRANT USAGE ON *.* TO `irfanpass`@`localhost` IDENTIFIED BY PASSWORD '*310F5FE633BDDA20DDC8D6BD96D76E3C53FD5A86' |
 
+------------------------------------------------------------------------------------------------------------------+
 
1 row in set (0.000 sec)

And error is logged.

2021-03-25  8:37:22 2 [ERROR] Slave SQL: Error 'The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement' on query. Default database: ''. Query: 'SET PASSWORD FOR 'irfanpass'@'localhost'='*5846CF4D641598B360B3562E581586155C59F65A'', Internal MariaDB error code: 1290
 
2021-03-25  8:37:22 2 [Warning] WSREP: RBR event 1 Query apply warning: 1, 7
 
2021-03-25  8:37:22 2 [Warning] WSREP: Ignoring error for TO isolated action: source: ffd63e74-8d1a-11eb-b67b-923af2b87772 version: 4 local: 0 state: APPLYING flags: 65 conn_id: 13 trx_id: -1 seqnos (l: 4, g: 7, s: 6, d: 6, ts: 23754928291917)

password validation is enabled on cluster.

+-----------------------------------------+-------+
 
| Variable_name                           | Value |
 
+-----------------------------------------+-------+
 
| report_password                         |       |
 
| simple_password_check_digits            | 1     |
 
| simple_password_check_letters_same_case | 1     |
 
| simple_password_check_minimal_length    | 14    |
 
| simple_password_check_other_characters  | 1     |
 
| strict_password_validation              | ON    |
 
+-----------------------------------------+-------+



 Comments   
Comment by Elena Stepanova [ 2021-03-28 ]

Seems to work all right in 10.4+, only affects 10.2/10.3.

Generated at Thu Feb 08 09:36:21 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.