Skip to content
This repository has been archived by the owner on Nov 5, 2022. It is now read-only.

Password auth support #6

Open
dveeden opened this issue Feb 7, 2019 · 0 comments
Open

Password auth support #6

dveeden opened this issue Feb 7, 2019 · 0 comments

Comments

@dveeden
Copy link
Contributor

dveeden commented Feb 7, 2019
edited
Loading

Thanks 👍 I can confirm the instructions work as expected. And started exploring the tool, it seems like rippled doesnt use a password field for connection. Any idea if there is a plan to add support for that in it?

Originally posted by @akshaysuryawanshi in #1 (comment)

Part 1: Add password support for connecting to a master: #5
Part 2: Get rippled to verify passwords for things connecting to it (mysql_native_password)
Part 3: Add TLS support
Part 4: Support caching_sha2_password as used in MySQL 8.0, which requires TLS (or RSA pubkey)
This was referenced Feb 7, 2019
Merged
Merged
@dveeden dveeden mentioned this issue Feb 24, 2019
Closed
pivanof pushed a commit that referenced this issue Mar 18, 2019
@dveeden @pivanof
Authenticate client connections with mysql_native_password (#7)
0b6c9f4 
- This only allows one password hash
- This does NOT verify the username
- This won't work for clients that ignore the default authentication method send by the server and are not using mysql_native_password by default. See also: vitessio/vitess#4332 and https://bugs.mysql.com/bug.php?id=93044 . This affects MySQL 8.0 clients as 8.0 always tries to authenticate with caching_sha2_password. The solution is to implement caching_sha2_password over TLS and/or implement AuthSwitchRequest.

Issue: #6

Example use:

$ ./my sql -BNe "SELECT PASSWORD('foobar')"
*9B500343BC52E2911172EB52AE5CF4847604C6E5
$ rippled -ripple_server_password_hash=9B500343BC52E2911172EB52AE5CF4847604C6E5
pivanof added a commit that referenced this issue Aug 19, 2019
@pivanof
Handle Authentication Method Mismatch for MySQL 8.0
71b35f3 
Issue: #6.

See also: https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase.html#sect_protocol_connection_phase_auth_method_mismatch_method_change

This ensures this happens with MySQL 8.0:
-> ServerGreeting(default_auth=mysql_native_password)
<- Login(auth=caching_sha2)
-> AuthSwitchRequest(auth=mysql_native_password)
<- AuthSwitchResponse(auth data for native auth)

This is based on #9
with modification to compile successfully inside Google and
with adjustments in functionality to fix the bugs revealed by
testing.

Closes: #9.
PiperOrigin-RevId: 263168203
Change-Id: Idac55230713f7905acd4303f2a9a9d322574df14
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dveeden