-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for caching_sha2_password #9411
Comments
I found a solution: https://dev.mysql.com/doc/refman/8.0/en/upgrading-from-previous-series.html#upgrade-caching-sha2-password So, after calling mysql_options(&mysql, MYSQL_DEFAULT_AUTH, "mysql_native_password"); I was able to connect. Do you plan on supporting AUTH via |
@ian-p-cooke |
ok, I can use mysql_native_password so I'm ok with that. You can close this issue if you like. |
Support for auth switch has been added to master in #19959 - so MySQL 8.0 clients will now work without changes. I will leave this issue open for actually adding |
Issue link: pingcap#9411 What this does: - Check the `plugin` column of the `mysql.user` table. - Based on the plugin from the user record and the plugin the client sent we may need to switch the authentication plugin to match the one from the user record - For accounts with `caching_sha2_password` send the "fast authentication failed" response to trigger full authentication. - call `auth.CheckShaPassword` to validate the user. Implemented functionality: - Full authentication with `caching_sha2_password` over TLS - The `default_authentication_plugin` variable - `CREATE USER... IDENTIFIED WITH 'caching_sha2_password'...` - `SET PASSWORD...` - `ALTER USER ... IDENTIFIED BY...` Missing functionality: - Support for the RSA public key request packet & response - Support for RSA key based secret exchange - Fast authentication (validate against cached entry) Related: - Requires pingcap/parser#1232 - pingcap#24141 makes testing of this easier, but this is not required.
If no `ssl-cert` or `ssl-key` are specified: Create a self signed cert in the temp storage and use that. This allows TLS to be used when no user created certificates are available. Especially for `tiup playground` and other simple cases this should be sufficient. Note that for `caching_sha2_password` support we will either need TLS connections or RSA keypairs. This brings us a step closer in that direction. The created certificate are valid for 90 days and new certificates are created every 30 days. See also: - "Automatic SSL and RSA File Generation" on https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-rsa-files-using-mysql.html - https://docs.pingcap.com/tidb/stable/enable-tls-between-clients-and-servers - pingcap#9411 - pingcap#18084
…gcap#1232) This allows validating passwords against the `authentication_string` data that MySQL stores for caching_sha2 passwords. Related: - pingcap#9411
This allows validating passwords against the `authentication_string` data that MySQL stores for caching_sha2 passwords. Related: - #9411
Bug Report
Please answer these questions before submitting your issue. Thanks!
If possible, provide a recipe for reproducing the error.
Windows 10
libmysql 8.0.4-3 installed via vcpkg
Visual Studio 2017
build/run an example C client that uses libmysql to connect to database. I actually started out trying to use Rust with Diesel but boiled the problem down to using the C library.
"success!"
especially since DataGrip (JDBC driver) and mysql cli can connect and work fine.
"Failed to connect to database: Error: Unknown MySQL error"
TiDB had no errors it its log.
tidb-server -V
or runselect tidb_version();
on TiDB)?deployed via docker-compose (https://github.com/pingcap/tidb-docker-compose)
Release Version: v3.0.0-beta-27-g6398788
Git Commit Hash: 6398788
Git Branch: master
UTC Build Time: 2019-01-31 08:42:28
GoVersion: go version go1.11.2 linux/amd64
Race Enabled: false
TiKV Min Version: 2.1.0-alpha.1-ff3dd160846b7d1aed9079c389fc188f7f5ea13e
Check Table Before Drop: false
The text was updated successfully, but these errors were encountered: