EmergencyEMERGENCY? Get 24/7 Help Now!

MySQL 8.0.4 RC: auth_socket Users Beware!

 | January 24, 2018 |  Posted In: Insight for DBAs, MySQL, MySQL 8.0, Security

PREVIOUS POST
NEXT POST

MySQL 8.0.4 RCThe news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait!

Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as default. This prevents users that identify with the auth_socket plugin from logging in after SHA256 authentication has been made the default authentication method. With the news that in MySQL 8.0.4 RC the default_authentication_plugin is changed to caching_sha2_password, I was keen to find out if they addressed this bug.

The source code for the test was downloaded from dev.mysql.com and compiled using the release options. A few options were disabled to reduce build time, as well as setting the path prefixes and ensuring that we use my local OpenSSL libraries:

After completing the build and build tests, MySQL Sandbox was used to create a test instance using the low_level_make_sandbox  command for some extra control. Afterward, it is necessary to restore the default_authentication_plugin because it changed to mysql_native_password during the installation process:

After starting the instance, I then created the quick test case. This installs the auth_socket plugin and creates a user that will use it to identify themselves:

Sadly, a familiar outcome greeted me when trying to connect via this new user – although interestingly, a new error message!

We can see the expected error message by connecting using a 5.7 client (a handshake error):

While there are lots of great improvements and new features in MySQL 8.0.4 RC, any systems that are using the auth_socket plugin will need to ensure that they force default_authentication_plugin=mysql_native_password – at least for now.

PREVIOUS POST
NEXT POST
Ceri Williams

Ceri is a Senior Technical Operations Engineer at Percona. He has previously worked in a variety of industries ranging from telecoms to skin care and online travel, nearly always with a database by his side for more than 10 years. Living in the Welsh Marches area of the UK with his partner and children, Ceri enjoys the rural life and beautiful countryside whenever possible.

2 Comments

Leave a Reply