Problem with caching_sha2_password and proxy/proxied user
Posted by: Silvio Schloeffel
Date: January 27, 2025 07:07AM

Hi,

I am currently setting up a completely new MySQL 8.4 server in order to migrate an old server to it.
In the course of the work, all users are to be newly created with caching_sha2_password passwords.
Furthermore, users should be given their rights with the help of proxy/proxied user roles.
The creation of users and subsequent login works without any problems.
However, problems occur when I assign rights to the users via grant proxy.
The rights are not transferred to the users.

However, if I change the hashing procedure from caching_sha2_password to sha256_password, the assignment of rights works (same user, only a change of the password module).
For security reasons and for testing I created 2 users, same result,
test_user_6 is working, test_user_7 isn't working:

| test_user_6 | sha256_password |
| test_user_7 | caching_sha2_password |

mysql> show grants for 'test_user_6'@'10.234.16.0/255.255.255.0';
+---------------------------------------------------------------------------------------+
| Grants for test_user_6@10.234.16.0/255.255.255.0 |
+---------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `test_user_6`@`10.234.16.0/255.255.255.0` |
| GRANT PROXY ON `bc_monitoring_proxy`@`%` TO `test_user_6`@`10.234.16.0/255.255.255.0` |
+---------------------------------------------------------------------------------------+
2 rows in set (0,00 sec)

mysql> show grants for 'test_user_7'@'10.234.16.0/255.255.255.0';
+---------------------------------------------------------------------------------------+
| Grants for test_user_7@10.234.16.0/255.255.255.0 |
+---------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `test_user_7`@`10.234.16.0/255.255.255.0` |
| GRANT PROXY ON `bc_monitoring_proxy`@`%` TO `test_user_7`@`10.234.16.0/255.255.255.0` |
+---------------------------------------------------------------------------------------+
2 rows in set (0,00 sec)


Does caching_sha2 not yet support the assignment of proxy rights?
I can't find anything about restrictions in this regard and also the documentation:
https://dev.mysql.com/doc/refman/8.4/en/proxy-users.html
does not indicate any problems with the module.

The proxy rules under [mysqld] currently look like this:
check_proxy_users=ON
sha256_password_proxy_users=ON

I would be very grateful for any advice

Best

Silvio
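
A diagnostic for the setup described in this post, added here as an example and not part of the original post: it lists the server-side proxy-mapping switches, pairs each PROXY grant with the authentication plugin of both accounts, and shows how a session confirms whether mapping took place. It assumes the account names from the post and a login with SELECT on the `mysql` and `performance_schema` schemas.

```sql
-- 1. Server-side proxy-mapping switches present on this server and their values.
--    Mapping by the server needs check_proxy_users=ON plus the switch that
--    belongs to the plugin of the connecting account.
SELECT VARIABLE_NAME, VARIABLE_VALUE
FROM performance_schema.global_variables
WHERE VARIABLE_NAME LIKE '%proxy_users'
ORDER BY VARIABLE_NAME;

-- 2. Every PROXY grant for the two test accounts, with the plugin of the
--    connecting (proxy) account and of the proxied account side by side.
SELECT pp.User          AS proxy_user,
       pp.Host          AS proxy_host,
       u.plugin         AS proxy_plugin,
       pp.Proxied_user  AS proxied_user,
       pp.Proxied_host  AS proxied_host,
       pu.plugin        AS proxied_plugin,
       pu.account_locked AS proxied_locked
FROM mysql.proxies_priv AS pp
LEFT JOIN mysql.user AS u
       ON u.User = pp.User AND u.Host = pp.Host
LEFT JOIN mysql.user AS pu
       ON pu.User = pp.Proxied_user AND pu.Host = pp.Proxied_host
WHERE pp.User IN ('test_user_6', 'test_user_7');

-- 3. Run inside a session opened as each test account.
--    When mapping happened, effective_account is the proxied account and
--    proxy_mapping names the connecting account; when it did not,
--    effective_account equals the connecting account and proxy_mapping is NULL.
SELECT USER()         AS client_identity,
       CURRENT_USER() AS effective_account,
       @@proxy_user   AS proxy_mapping;

-- Privileges of the account the session is actually running as.
SHOW GRANTS;
```

Comparing `proxy_plugin` from step 2 with the switch names returned by step 1 shows whether the server offers a proxy-mapping switch for the plugin each test account uses.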
