MySQL 8.0.4 RC: auth_socket Users Beware!

MySQL 8.0.4 RC: auth_socket Users Beware!

PREVIOUS POST
NEXT POST

MySQL 8.0.4 RCThe news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait!

Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as default. This prevents users that identify with the auth_socket plugin from logging in after SHA256 authentication has been made the default authentication method. With the news that in MySQL 8.0.4 RC the default_authentication_plugin is changed to caching_sha2_password, I was keen to find out if they addressed this bug.

The source code for the test was downloaded from dev.mysql.com and compiled using the release options. A few options were disabled to reduce build time, as well as setting the path prefixes and ensuring that we use my local OpenSSL libraries:

After completing the build and build tests, MySQL Sandbox was used to create a test instance using the low_level_make_sandbox  command for some extra control. Afterward, it is necessary to restore the default_authentication_plugin because it changed to mysql_native_password during the installation process:

After starting the instance, I then created the quick test case. This installs the auth_socket plugin and creates a user that will use it to identify themselves:

Sadly, a familiar outcome greeted me when trying to connect via this new user – although interestingly, a new error message!

We can see the expected error message by connecting using a 5.7 client (a handshake error):

While there are lots of great improvements and new features in MySQL 8.0.4 RC, any systems that are using the auth_socket plugin will need to ensure that they force default_authentication_plugin=mysql_native_password – at least for now.

PREVIOUS POST
NEXT POST

Share this post

Comments (2)

  • datacharmer Reply

    Please note that MySQL Sandbox 3.2.16 has an option ” –keep_auth_plugin”, which will prevent changing the default plugin during installation.

    January 24, 2018 at 4:31 pm
  • Ceri Williams Reply

    Thanks for adding that in!

    January 24, 2018 at 4:54 pm

Leave a Reply