[MXS-2355] MaxScale does not let mysql client 8.0.15 to connect with password Created: 2019-02-27  Updated: 2020-08-25  Resolved: 2019-03-22

Status: Closed
Project: MariaDB MaxScale
Component/s: Authenticator
Affects Version/s: 2.2.15, 2.3.3
Fix Version/s: 2.2.20, 2.3.5

Type: Bug Priority: Major
Reporter: Valerii Kravchuk Assignee: Esa Korhonen
Resolution: Fixed Votes: 0
Labels: None

Sprint: MXS-SPRINT-77, MXS-SPRINT-78

 Description   

In the following simple setup with MariaDB 10.3.13 as a signle back end server:

[maxscale]
 
threads=auto
 
 
 
...
 
 
 
[server3]
 
type=server
 
address=127.0.0.1
 
port=3308
 
protocol=MariaDBBackend
 
 
 
...
 
 
 
[Monitor]
 
type=monitor
 
module=mariadbmon
 
servers=server3
 
user=myuser
 
passwd=mypwd
 
monitor_interval=100
 
 
 
...
 
 
 
[RW-Service]
 
type=service
 
router=readwritesplit
 
servers=server3
 
user=myuser
 
passwd=mypwd
 
enable_root_user=1
 
 
 
...
 
 
 
[RWS-Listener]
 
type=listener
 
service=RW-Service
 
protocol=MariaDBClient
 
port=4006
 
address=127.0.0.1
 
 
 
...

with a user defined as follows:

MySQL [(none)]> select user, host, password from mysql.user where user like 'u1';
 
+------+-----------+-------------------------------------------+
 
| user | host      | password                                  |
 
+------+-----------+-------------------------------------------+
 
| u1   | localhost | *556BEF296211C2AF58F53DA3EDDD0A3371B6ECD5 |
 
| u1   | %         | *556BEF296211C2AF58F53DA3EDDD0A3371B6ECD5 |
 
+------+-----------+-------------------------------------------+
 
2 rows in set (0.001 sec)

MaxScale does NOT let user u1 to connect with password u1 when mysql client from version 8.0.15 is used. Check these:

[openxs@fc23 maria10.3]$ bin/mysql -uu1 -pu1 --host=127.0.0.1 --port=4006
 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
 
Your MySQL connection id is 7
 
Server version: 10.2.12 2.2.15-maxscale Source distribution
 
 
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
 
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
 
 
MySQL [(none)]> select current_user();
 
+----------------+
 
| current_user() |
 
+----------------+
 
| u1@localhost   |
 
+----------------+
 
1 row in set (0.000 sec)
 
 
 
MySQL [(none)]> select version();
 
+-----------------+
 
| version()       |
 
+-----------------+
 
| 10.3.13-MariaDB |
 
+-----------------+
 
1 row in set (0.000 sec)
 
 
 
MySQL [(none)]> select @@port, @@socket;
 
+--------+-------------------+
 
| @@port | @@socket          |
 
+--------+-------------------+
 
|   3308 | /tmp/mariadb.sock |
 
+--------+-------------------+
 
1 row in set (0.000 sec)
 
 
 
MySQL [(none)]> exit
 
Bye
 
[openxs@fc23 maria10.3]$ ../8.0/bin/mysql -uu1 -pu1 --host=127.0.0.1 --port=4006
 
mysql: [Warning] Using a password on the command line interface can be insecure.
 
ERROR 1045 (28000): Access denied for user 'u1'@'127.0.0.1' (using password: NO)
 
[openxs@fc23 maria10.3]$ ../8.0/bin/mysql -uu1 -pu1 --host=127.0.0.1 --port=3308
 
mysql: [Warning] Using a password on the command line interface can be insecure.
 
Welcome to the MySQL monitor.  Commands end with ; or \g.
 
Your MySQL connection id is 30
 
Server version: 5.5.5-10.3.13-MariaDB Source distribution
 
 
 
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
 
 
 
Oracle is a registered trademark of Oracle Corporation and/or its
 
affiliates. Other names may be trademarks of their respective
 
owners.
 
 
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
 
 
mysql> select current_user();
 
+----------------+
 
| current_user() |
 
+----------------+
 
| u1@localhost   |
 
+----------------+
 
1 row in set (0.00 sec)
 
 
 
mysql> \s
 
--------------
 
../8.0/bin/mysql  Ver 8.0.15 for Linux on x86_64 (Source distribution)
 
 
 
Connection id:          30
 
Current database:
 
Current user:           u1@localhost
 
SSL:                    Not in use
 
Current pager:          stdout
 
Using outfile:          ''
 
Using delimiter:        ;
 
Server version:         5.5.5-10.3.13-MariaDB Source distribution
 
Protocol version:       10
 
Connection:             127.0.0.1 via TCP/IP
 
Server characterset:    latin1
 
Db     characterset:    latin1
 
Client characterset:    latin1
 
Conn.  characterset:    latin1
 
TCP port:               3308
 
Uptime:                 36 min 54 sec
 
 
 
Threads: 8  Questions: 17017  Slow queries: 0  Opens: 22  Flush tables: 1  Open tables: 16  Queries per second avg: 7.686
 
--------------

Connection with mysql client from 10.3.13 works via MaxScale. Direct connection with mysql 8.0.15 client also works. Note "(using password: NO)" in the failed connection attempt. Looks like MaxScale for some reason does not pass the password while connecting to the back end.

 Comments   
Comment by Valerii Kravchuk [ 2019-02-27 ]

It seems readconnrpoute router is also affected, so it's not router-specific:

[openxs@fc23 maria10.3]$ bin/mysql -uu1 -pu1 --host=127.0.0.1 --port=4008
 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
 
Your MySQL connection id is 6
 
Server version: 10.2.12 2.2.15-maxscale Source distribution
 
 
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
 
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
 
 
MySQL [(none)]> select current_user();
 
+----------------+
 
| current_user() |
 
+----------------+
 
| u1@localhost   |
 
+----------------+
 
1 row in set (0.000 sec)
 
 
 
MySQL [(none)]> quit
 
Bye
 
[openxs@fc23 maria10.3]$ maxadmin list services
 
Services.
 
--------------------------+-------------------+--------+----------------+-------------------
 
Service Name              | Router Module     | #Users | Total Sessions | Backend databases
 
--------------------------+-------------------+--------+----------------+-------------------
 
RCR-Service               | readconnroute     |      1 |              3 | server3
 
RW-Service                | readwritesplit    |      1 |              1 | server3
 
MaxAdmin-Service          | cli               |      2 |              2 |
 
MaxInfo                   | maxinfo           |      1 |              1 |
 
--------------------------+-------------------+--------+----------------+-------------------
 
 
 
[openxs@fc23 maria10.3]$ maxadmin list listeners
 
Listeners.
 
---------------------+---------------------+--------------------+-----------------+-------+--------
 
Name                 | Service Name        | Protocol Module    | Address         | Port  | State
 
---------------------+---------------------+--------------------+-----------------+-------+--------
 
RCR-Listener         | RCR-Service         | MariaDBClient      | 127.0.0.1       |  4008 | Running
 
RWS-Listener         | RW-Service          | MariaDBClient      | 127.0.0.1       |  4006 | Running
 
MaxAdmin-Listener    | MaxAdmin-Service    | maxscaled          | default         |     0 | Running
 
MaxInfo-Listener     | MaxInfo             | MySQLClient        | *               |  9003 | Running
 
---------------------+---------------------+--------------------+-----------------+-------+--------
 
 
 
[openxs@fc23 maria10.3]$ ../8.0/bin/mysql -uu1 -pu1 --host=127.0.0.1 --port=4008
 
mysql: [Warning] Using a password on the command line interface can be insecure.
 
ERROR 1045 (28000): Access denied for user 'u1'@'127.0.0.1' (using password: NO)

Comment by markus makela [ 2019-03-02 ]

Possibly caused by the new default authentication method. Setting the --default-auth to the old plugin is likely to solve it.

MaxScale should send a authentication switch request packet to the client if it asks for a plugin that is not supported by MaxScale.

Generated at Thu Feb 08 04:13:31 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.