Bug #68858 | Need variable for --default-authentication-plugin | ||
---|---|---|---|
Submitted: | 3 Apr 2013 18:42 | Modified: | 27 Jan 2015 15:06 |
Reporter: | Todd Farmer (OCA) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Options | Severity: | S2 (Serious) |
Version: | 5.6.10 | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
[3 Apr 2013 18:42]
Todd Farmer
[14 Aug 2013 4:54]
Nicholas Williams
Yes. Running a precompiled version on Linux, there doesn't appear to be a way to enable this. I have tried putting default-authentication-plugin=sha256_password in my.cnf and manually enabling it by adding --default-authentication-plugin=sha256_password to the startup options in /etc/init.d/mysql. A quick look at the running processes shows that the command IS being executed with this option:

```
# ps ax|grep mysql
13802 ? S 0:00 /bin/sh /usr/bin/mysqld_safe --mysqld=mysqld --user=mysql --pid-file=/var/run/mysql/mysqld.pid --socket=/var/run/mysql/mysql.sock --default-authentication-plugin=sha256_password --datadir=/var/lib/mysql
14311 ? Sl 0:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr//usr/lib64/mysql/plugin --user=mysql --default-authentication-plugin=sha256_password --log-error=/var/lib/mysql/lynyrd.nickhq.com.err --pid-file=/var/run/mysql/mysqld.pid --socket=/var/run/mysql/mysql.sock --port=3306
```

But when I look at old_passwords, it is still "0". Documentation indicates that --default-authentication-plugin=sha256_password should have changed it to "2".

```
mysql> show variables like '%password%'\G
*************************** 1. row ***************************
Variable_name: disconnect_on_expired_password
Value: ON
*************************** 2. row ***************************
Variable_name: old_passwords
Value: 0
*************************** 3. row ***************************
Variable_name: report_password
Value:
*************************** 4. row ***************************
Variable_name: sha256_password_private_key_path
Value: rsa-mysql-server.pem
*************************** 5. row ***************************
Variable_name: sha256_password_public_key_path
Value: rsa-mysql-server.pub

mysql> SHOW STATUS LIKE 'rsa_public_key'\G
*************************** 1. row ***************************
Variable_name: Rsa_public_key
Value: -----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYlaqsKCcb8kGPuZN2TPiAkEHf
3NQoMOCP1UdUheNl6gl79Lzouwh9ChxqwylDwO4ly9fsgFKLuwVyR2YENuoZjWnw
Qw1wU8OJBZNGMBjQQAW0HV34jF/UkomfEiTVrxCbVI/XWJwfKYB84LK8sMrk6nwp
irQ4Dl3C2/FyGa5y9QIDAQAB
-----END PUBLIC KEY-----
```

Version is 5.6.12.
[14 Aug 2013 5:02]
Nicholas Williams
Actually, this might be a different bug. old_passwords may be 0 when it's supposed to be 2, but when I created a new user it set the plugin column in the mysql.user table to "sha256_password" and it stored a hashed password in the mysql.user.authentication_string column instead of the mysql.user.Password column. So --default-authentication-plugin=sha256_password DID enable it, and it DID set old_passwords to 2, but showing the variables falsely indicates that old_passwords is 0.
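Because the server versions discussed in this report expose no variable for the setting, the configured default has to be read from the configuration itself. The following is an added example, not code from this bug report or from MySQL: it derives the configured default authentication plugin for each running `mysqld` from `ps ax` output plus an option file's text. The function names and sample data are hypothetical; it assumes the `--name=value` form, only the `[mysqld]` group, one option file shared by all instances, and `mysql_native_password` as the compiled-in 5.6 default.

```python
import shlex

OPTION = "default-authentication-plugin"
BUILTIN_DEFAULT = "mysql_native_password"  # assumption: compiled-in default of 5.6

def is_option(name):
    # MySQL treats '-' and '_' in option names as equivalent.
    return name.strip().replace("_", "-") == OPTION

def plugin_from_argv(argv):
    """Last --default-authentication-plugin=VALUE on a command line, else None."""
    value = None
    for arg in argv[1:]:
        name, sep, val = arg[2:].partition("=") if arg.startswith("--") else ("", "", "")
        if sep and is_option(name):
            value = val
    return value

def plugin_from_cnf(text):
    """Last setting in the [mysqld] group of an option file's text, else None."""
    value, group = None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
        name, sep, val = line.partition("=")
        if group == "mysqld" and sep and is_option(name):
            value = val.strip().strip("'\"")
    return value

def effective_plugins(ps_output, cnf_text=""):
    """Map each mysqld PID in `ps ax` output to its configured default plugin."""
    result = {}
    for line in ps_output.splitlines():
        fields = line.split(None, 4)  # PID TTY STAT TIME COMMAND
        if len(fields) == 5 and fields[0].isdigit():
            argv = shlex.split(fields[4])
            # Only the server binary counts; skip the mysqld_safe wrapper and grep.
            if argv[0].rsplit("/", 1)[-1] == "mysqld":
                # Command-line options override option-file settings.
                result[int(fields[0])] = (plugin_from_argv(argv)
                                          or plugin_from_cnf(cnf_text) or BUILTIN_DEFAULT)
    return result

# Constructed sample input, shaped like the `ps ax` listing in the report.
SAMPLE_PS = """\
13802 ? S 0:00 /bin/sh /usr/bin/mysqld_safe --default-authentication-plugin=sha256_password
14311 ? Sl 0:00 /usr/sbin/mysqld --user=mysql --default_authentication_plugin=sha256_password
14999 ? Sl 0:00 /usr/sbin/mysqld --basedir=/usr --port=3307
"""
```

The result reflects configuration only; the plugin actually assigned to an account is recorded in the plugin column of mysql.user.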
[16 Nov 2014 13:55]
Daniël van Eeden
It's easily possible to expose this read-only with a daemon plugin:

```
mysql [(none)] > show global variables like '%default_auth%';
+--------------------------------------------+-----------------------+
| Variable_name                              | Value                 |
+--------------------------------------------+-----------------------+
| def_auth_var_default_authentication_plugin | mysql_native_password |
+--------------------------------------------+-----------------------+
1 row in set (0.00 sec)
```
[16 Nov 2014 13:56]
Daniël van Eeden
Experimental plugin which exposes default authentication plugin as readonly variable.

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.
Contribution: 0001-Add-daemon-plugin-for-Bug-68858.patch (text/x-diff), 3.71 KiB.
[19 Nov 2014 13:17]
Georgi Kodinov
Hi Daniël, Thank you for contributing this plugin! However, since this is a server variable, we're IMHO better off making it a server status var (and not a plugin).
[27 Jan 2015 15:06]
Jon Stephens
This was fixed in MySQL 5.7.2. See also BUG#73833.