MySQL Bugs: #105095: CREATE USER should support REQUIRE SAN

Bug #105095	CREATE USER should support REQUIRE SAN
Submitted:	1 Oct 2021 7:28	Modified:	1 Oct 2021 7:37
Reporter:	Karthik Appigatla (OCA)	Email Updates:
Status:	Verified	Impact on me:	None
Category:	MySQL Server: Security: Privileges	Severity:	S4 (Feature request)
Version:		OS:	Any
Assigned to:		CPU Architecture:	Any

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
As of now, the create user can support SUBJECT name in the authentication.

CREATE USER 'app_rw'@'IP' IDENTIFIED BY PASSWORD '<password_hash>' REQUIRE SUBJECT='/C=US/ST=California/L=Mountain View/O=XXXX/OU=DB/CN=app_hostname'

It would be great if MySQL can support the REQUIRE SAN option as well.

CREATE USER 'app_rw'@'IP' REQUIRE SAN='uri:servicePrincipal(app1)'

This will be helpful in multi-tenet topology where we can authenticate each application just by using the application certificate service principal

How to repeat:
New feature

Hello Karthik,

Thank you for the reasonable feature request!

regards,
Umesh