Bug #105095 CREATE USER should support REQUIRE SAN
Submitted: 1 Oct 2021 7:28 Modified: 1 Oct 2021 7:37
Reporter: Karthik Appigatla (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any

[1 Oct 2021 7:28] Karthik Appigatla
Description:
As of now, the create user can support SUBJECT name in the authentication.

CREATE USER 'app_rw'@'IP' IDENTIFIED BY PASSWORD '<password_hash>' REQUIRE SUBJECT='/C=US/ST=California/L=Mountain View/O=XXXX/OU=DB/CN=app_hostname'

It would be great if MySQL can support the REQUIRE SAN option as well.

CREATE USER 'app_rw'@'IP' REQUIRE SAN='uri:servicePrincipal(app1)'

This will be helpful in multi-tenet topology where we can authenticate each application just by using the application certificate service principal

How to repeat:
New feature
[1 Oct 2021 7:37] MySQL Verification Team
Hello Karthik,

Thank you for the reasonable feature request!

regards,
Umesh