mysql-proxy does not work with server/client authentication plugins
Bug #64063 | mysql-proxy does not work with server/client authentication plugins | ||
---|---|---|---|
Submitted: | 18 Jan 2012 22:39 | Modified: | 24 Jan 2012 22:28 |
Reporter: | Email Updates: | ||
Status: | Verified | Impact on me: | None |
Category: | Proxy: Core | Severity: | S3 (Non-critical) |
Version: | 0.8.2 | OS: | Any |
Assigned to: | Target Version: | ||
Tags: | , | ||
Triage: | Needs Triage: D3 (Medium) |
- View
[18 Jan 2012 22:39] Zhang Lu
[19 Jan 2012 17:45] Sveta Smirnova
Thank you for the report. Do you use binary package of MySQL Proxy or compiled it yourself?
[19 Jan 2012 20:19] Zhang Lu
I tried both. They provided same results.
[23 Jan 2012 19:47] Sveta Smirnova
Thank you for the feedback. I can not repeat described behavior nor with self-compiled version, neither with mysql-proxy-0.8.2-linux-glibc2.3-x86-64bit.tar.gz package. Please provide link to 0.9 binaries you used.
[23 Jan 2012 21:06] Zhang Lu
Well, my bad. I thought I compiled 0.9 but it was 0.8.2. Here is the details as how to re-pro. 1. Download and install mysql-proxy 0.8.2 (binary from dev.mysql.com) 2. setup mysql server 5.5.19 on same host 3. download and build mysql-auth-pam from 4. Setup /etc/pam.d/mysqld as following #%PAM-1.0 auth required pam_env.so auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account [default=bad success=ok user_unknown=ignore] pam_krb5.so account required pam_permit.so 5. Install the auth plugin 6. setup a user to use this plugin, the user should have an Unix account/password 7. verify user can login directly to MySQL server using unix account/password 8. try connect user through mysql-proxy port and the following is printed in mysql-proxy error log. Proxy server restarts after that. 2012-01-23 15:25:59: ((error)) network-mysqld.c.676: unexpected state for SEND_AUTH_RESULT: 01 2012-01-23 15:25:59: (debug) chassis-unix-daemon.c:167: 2338 returned: 2338 2012-01-23 15:25:59: (critical) chassis-unix-daemon.c:189: [angel] PID=2338 died on signal=5 (it used 1 kBytes max) ... waiting 3min before restart 2012-01-23 15:26:01: (debug) chassis-unix-daemon.c:121: we are the child: 2353 2012-01-23 15:26:01: (message) mysql-proxy 0.8.2 started 2012-01-23 15:26:01: (debug) max open file-descriptors = 1024 2012-01-23 15:26:01: (message) proxy listening on port :4040 2012-01-23 15:26:01: (message) added read/write backend: 127.0.0.1:3306 2012-01-23 15:26:01: (message) chassis-unix-daemon.c:136: [angel] we try to keep PID=2353 alive 2012-01-23 15:26:01: (debug) chassis-unix-daemon.c:157: waiting for 2353 Clearly, when the user session is authenticated using a plugin, con->auth_result_state is 1 which is not handled, and caused the error.
[24 Jan 2012 18:56] Sveta Smirnova
Thank you for the feedback. Verified as described. MySQL Proxy works with test auth plugin bundled with MySQL, but as client compiled with 5.5 libraries is supposed to work with any plugin I think this should be considered as our bug first.
[24 Jan 2012 18:57] Sveta Smirnova
I used a /etc/pam.d/mysqld content as suggested in Percona PAM plugin user manual at : auth required pam_unix.so account required pam_unix.so
[24 Jan 2012 22:28] Zhang Lu
I have made a quick patch to 0.8.2 and it worked fine with PAM AUTH. --- src/network-mysqld.c 2011-08-17 10:50:54.000000000 -0400 +++ ../myproxy-0.8.2/src/network-mysqld.c 2012-01-24 17:02:06.000000000 -0500 @@ -661,6 +661,9 @@ case MYSQLD_PACKET_OK: con->state = CON_STATE_READ_QUERY; break; + case AUTH_PAM_REQUEST: + con->state = CON_STATE_READ_AUTH_RESULT; + break; case MYSQLD_PACKET_ERR: con->state = CON_STATE_ERROR; break; --- src/network-mysqld-proto.h 2011-08-17 10:50:54.000000000 -0400 +++ ../myproxy-0.8.2/src/network-mysqld-proto.h 2012-01-24 17:04:32.000000000 -0500 @@ -50,6 +50,7 @@ #endif #define MYSQLD_PACKET_OK (0) + #define AUTH_PAM_REQUEST (1) #define MYSQLD_PACKET_RAW (0xfa) /* used for proxy.response.type only */ #define MYSQLD_PACKET_NULL (0xfb) /* 0xfb */ /* 0xfc */
[25 Jan 2012 5:47] Jan Kneschke
Please verify that the code from ~mysql-proxy-developers/mysql-proxy/0.8 also fixes this issue for you.
[30 Jan 2012 19:00] Sveta Smirnova
Jan, it asks password, then hangs.
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/90618/viewspace-1062678/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Client does not support authentication protocol requested by server; consider upgrading MySQL clientclientProtocolServerIDEMySql
- 高版本mysql訪問出現Client does not support authentication protocol requested by server;MySqlclientProtocolServer
- MYSQL(解決方法):Client does not support authentication(轉)MySqlclient
- navicat本地連線mysql出現1251--Client does not support authentication protocol requested by server的解決方法MySqlclientProtocolServer
- How does a HashMap work in JAVAHashMapJava
- How does an Electric Motor work? (DC Motor)
- Connect SQL Server from Linux Client using Windows Authentication and troubleshoot stepsSQLServerLinuxclientWindows
- 【HPUX】What to do when mount does not work on HP-UX?UX
- Bug 6083037 - Server side load balancing does not work [ID 6083037.8]ServerIDE
- z-index does not work in Internet Explorer with pdf in iframeIndex
- Source Code Reading for Vue 3: How does `hasChanged` work?Vue
- Navicat 遠端連線docker容器中的mysql 報錯1251 - Client does not support authentication protocol 解決辦法DockerMySqlclientProtocol
- org.apache.maven.plugins:maven-archetype-plugin does not existApacheMavenPlugin
- SAP Retail Listing – How does it work (中英文對照版)AI
- Setting title-center on "< h1> " element on Android does not work, fixAndroid
- RPC:authentication error:why = server rejected credentialRPCErrorServer
- Blazor Server完美實現Cookie Authorization and AuthenticationBlazorServerCookie
- The plugin 'org.apache.maven.plugins:maven-tomcat-plugin' does not exist or no vPluginApacheMavenTomcat
- MySQL client server 協議MySqlclientServer協議
- svn This client is too old to work with working copy錯誤解決方案client
- Oracle10g Export/Import DataPump Does Not Work with Tapes or UNIX Named Pipes [ID 276521.1]OracleExportImport
- How does ASM work with RAID where striping and mirroring are already built-in?ASMAIUI
- MongoDB server returned error on SASL authentication step: BSON field 'saslCoMongoDBServerError
- web server apache tomcat11-29-Windows AuthenticationWebServerApacheTomcatWindows
- 使用Virtual Infrastructure Client 管理 VMWare ServerASTStructclientServer
- Introduction to Client/Server Architecture (273)clientServer
- Java 在Client/Server 中應用JavaclientServer
- No Response from the Server, Does it Hang or Spin? (Doc ID 68738.1)Server
- 《Client-Server Web Apps with JavaScript and Java》選讀:什麼是Client-Server Web App?clientServerWebAPPJavaScript
- ONS自動offline - Authentication OSD error, op: scls_auth_client_response_setErrorclient
- client: c#+protobuf, server: golang+protobufclientC#ServerGolang
- SUSE 11 NFS server/client 安裝配置NFSServerclient
- IIS與oracle client ,還是oracle server ?OracleclientServer
- mysql原碼安裝(server和client)MySqlServerclient
- Oracle client/server architecture's benefits (275)OracleclientServer
- Ubuntu安裝mysql-proxyUbuntuMySql
- oracle11g:Prvf-0042: /usr/local/bin/ssh request by the client does not existOracleclient
- 深入淺出 Redis client/server互動流程RedisclientServer