[MDEV-25641] max_password_errors not working with ed25519 auth plugin
Created: 2021-05-10  Updated: 2021-05-25  Resolved: 2021-05-22

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.5.8
Fix Version/s: 10.2.39, 10.3.30, 10.4.20, 10.5.11

Type: Bug
Priority: Major
Reporter: William Wong
Assignee: Sergei Golubchik
Resolution: Fixed
Votes: 0
Labels: None
Environment: redhat 7



Description

Found that max_password_errors has no effect for a user with the ed25519 authentication plugin.

Below is an example with 2 users, foo_native and foo_ed25519. The foo_native account is blocked after 2 consecutive wrong passwords, as expected. But foo_ed25519 is not blocked after the wrong password count exceeds max_password_errors (=2).

MariaDB [(none)]> select @@version;
+--------------------+
| @@version          |
+--------------------+
| 10.5.8-MariaDB-log |
+--------------------+
1 row in set (0.000 sec)
 
MariaDB [(none)]> select @@max_password_errors;
+-----------------------+
| @@max_password_errors |
+-----------------------+
|                     2 |
+-----------------------+
1 row in set (0.000 sec)
 
MariaDB [(none)]> create user foo_native@localhost identified by 'Abcd1234%' ;
Query OK, 0 rows affected (0.004 sec)
 
MariaDB [(none)]> create user foo_ed25519@localhost identified via ed25519 using password('Abcd1234%') ;
Query OK, 0 rows affected (0.004 sec)
 
MariaDB [(none)]> exit
Bye
[root@t1vuat-dbaas02 ~]#
[root@t1vuat-dbaas02 ~]#
[root@t1vuat-dbaas02 ~]#
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_native -pabc
ERROR 1045 (28000): Access denied for user 'foo_native'@'localhost' (using password: YES)
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_native -pabc
ERROR 1045 (28000): Access denied for user 'foo_native'@'localhost' (using password: YES)
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_native -pabc
ERROR 4150 (HY000): User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'
[root@t1vuat-dbaas02 ~]#
[root@t1vuat-dbaas02 ~]#
[root@t1vuat-dbaas02 ~]#
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
[root@t1vuat-dbaas02 ~]# mysql --defaults-file=/u01/xxxx/my.cnf -ufoo_ed25519 -pabc
ERROR 1045 (28000): Access denied for user 'foo_ed25519'@'localhost' (using password: YES)
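
Added example (not part of the original report or of MariaDB's code): a small audit helper that takes a server's @@version string and its account list and reports which ed25519 accounts sit on a build older than the Fix Version/s listed on this ticket. It assumes that a release below the fix version in a listed series lacks the fix (the ticket itself only confirms 10.5.8); the function names and sample rows are constructed for illustration.

```python
import re

# Fix versions listed on this ticket, keyed by release series (major, minor).
FIXED_IN = {(10, 2): 39, (10, 3): 30, (10, 4): 20, (10, 5): 11}


def parse_version(version_string):
    """Turn a @@version value such as '10.5.8-MariaDB-log' into (10, 5, 8)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version_string.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(p) for p in m.groups())


def has_fix(version_string):
    """True/False for a series named on the ticket, None for any other series."""
    major, minor, patch = parse_version(version_string)
    fixed_patch = FIXED_IN.get((major, minor))
    if fixed_patch is None:
        return None  # the ticket says nothing about this series; check manually
    # Assumption: releases below the fix version in the series lack the fix.
    return patch >= fixed_patch


def unthrottled_accounts(version_string, accounts):
    """List ed25519 accounts on a server known (per the ticket) to lack the fix.

    accounts: iterable of (user, host, plugin) rows, e.g. the result of
    SELECT user, host, plugin FROM mysql.user.
    """
    if has_fix(version_string) is not False:
        return []
    return [f"{user}@{host}" for user, host, plugin in accounts
            if plugin == "ed25519"]


# Constructed sample rows mirroring the two accounts created in the report.
SAMPLE_ACCOUNTS = [
    ("foo_native", "localhost", "mysql_native_password"),
    ("foo_ed25519", "localhost", "ed25519"),
]

if __name__ == "__main__":
    for version in ("10.5.8-MariaDB-log", "10.5.11-MariaDB"):
        print(version, unthrottled_accounts(version, SAMPLE_ACCOUNTS))
```
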

