Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
--ysql_enable_auth unable to authenticate #2465
Using docker image yugabytedb/yugabyte:220.127.116.11-b16 i am not able to user authenticate with YSQL when using the t-server command option --ysql_enable_auth.
Feedback from mihne.
The above aproach is not practical when automating a deployment of YugabyteDB, when enabling --ysql_enable_auth we should be able to login with default credentials and then create our own accounts and reset the default account password.
The following options all fail with --ysql_enable_auth=true set on all t-servers.
As i mentioned above @m-iancu confirmed on the the Yugabyte slack channel that "There is no password by default which causes issues when creating the cluster with that flag". I was then asked to create this issue.
The only thing that does work is to pass the below giving super user access with no password, however this is not practical or secure in a production environment.
--ysql_hba_conf='host all yugabyte 0.0.0.0/0 trust,host all all 0.0.0.0/0 md5,host all yugabyte ::0/0 trust,host all all ::0/0 md5'
Summary: The default YSQL user `yugabyte` now has password `yugabyte` by default. However, the password is only required if auth is explicitly enabled (e.g. using the `ysql_enable_auth` flag), since otherwise we use trust all. Previously `yugabyte` user had default password `null` so it was no possible to connect to it at all while authentication was enabled. Test Plan: Jenkins, TestPgConfiguration Reviewers: neha Reviewed By: neha Subscribers: yql Differential Revision: https://phabricator.dev.yugabyte.com/D7326
The latest 2.0.1 release has fixed this issue the following way.
@m-iancu pls close this issue when you have a moment since 2.0.1 release is already available for download along with the necessary doc updates.