Xtrabackup doesn't accept sha256 passwords
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Percona XtraBackup moved to https://jira.percona.com/projects/PXB | Status tracked in 2.4 | |||||
2.3 |
Fix Released
|
Medium
|
Sergei Glushchenko | |||
2.4 |
Fix Released
|
Medium
|
Sergei Glushchenko |
Bug Description
my.cnf:
[mysqld]
default-
Create a user with SHA 256 password:
mysql> set old_passwords=2;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> set password for user@'%' = password('secret');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
Run xtrabackup 2.4.4:
[root@localhost ~]# innobackupex --host=127.0.0.1 --user=shaman --password=secret /backups/
161006 02:52:26 innobackupex: Starting the backup operation
IMPORTANT: Please check that the backup run completes successfully.
At the end of a successful backup run innobackupex
prints "completed OK!".
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_CTYPE = "UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
161006 02:52:26 version_check Connecting to MySQL server with DSN 'dbi:mysql:
Failed to connect to MySQL server: DBI connect(
161006 02:52:26 Connecting to MySQL server host: 127.0.0.1, user: shaman, password: set, port: 0, socket: /var/lib/
Failed to connect to MySQL server: Authentication plugin 'sha256_password' cannot be loaded: /usr/lib/
Do note that sha256_password is a built-in plugin
Changed in percona-xtrabackup: | |
status: | New → Confirmed |
This bug report related to bug 1546872 and patch will fix both of them.
There are two cases when sha256 passwords are allowed:
1. Connection is encrypted with SSL (works both with client built with YaSSL and OpenSSL) key-path/ public- key-path specified
2. Client is built with OpenSSL and server is started with private-
Both don't work currently.
The fix will:
1. Allow to build xtrabackup with SSL support (with choice of YaSSL or OpenSSL)
2. Link sha256 plugin
Changes need to be done in packaging:
1. Make sure RPM and DEB versions build xtrabackup with system OpenSSL
2. Build binary tarball with YaSSL (or provide several versions for different distros) -- to be decided