Xtrabackup doesn't accept sha256 passwords

Bug #1630841 reported by Jaime Sicam
This bug affects 1 person
Affects: Percona XtraBackup (moved to https://jira.percona.com/projects/PXB), status tracked in 2.4

Series | Status | Importance | Assigned to | Milestone
2.3 | Fix Released | Medium | Sergei Glushchenko |
2.4 | Fix Released | Medium | Sergei Glushchenko |

Bug Description

my.cnf:
[mysqld]
default-authentication-plugin=sha256_password

Create a user with SHA 256 password:
mysql> set old_passwords=2;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> set password for user@'%' = password('secret');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

Run xtrabackup 2.4.4:
[root@localhost ~]# innobackupex --host=127.0.0.1 --user=shaman --password=secret /backups/
161006 02:52:26 innobackupex: Starting the backup operation

IMPORTANT: Please check that the backup run completes successfully.
           At the end of a successful backup run innobackupex
           prints "completed OK!".

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
 LANGUAGE = (unset),
 LC_ALL = (unset),
 LC_CTYPE = "UTF-8",
 LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
161006 02:52:26 version_check Connecting to MySQL server with DSN 'dbi:mysql:;mysql_read_default_group=xtrabackup;host=127.0.0.1;mysql_socket=/var/lib/mysql/mysql.sock' as 'shaman' (using password: YES).
Failed to connect to MySQL server: DBI connect(';mysql_read_default_group=xtrabackup;host=127.0.0.1;mysql_socket=/var/lib/mysql/mysql.sock','shaman',...) failed: Client does not support authentication protocol requested by server; consider upgrading MySQL client at - line 1314
161006 02:52:26 Connecting to MySQL server host: 127.0.0.1, user: shaman, password: set, port: 0, socket: /var/lib/mysql/mysql.sock
Failed to connect to MySQL server: Authentication plugin 'sha256_password' cannot be loaded: /usr/lib/plugin/sha256_password.so: cannot open shared object file: No such file or directory.

Do note that sha256_password is a built-in plugin.

Tags: i142102
Jaime Sicam (jssicam)
Changed in percona-xtrabackup:
status: New → Confirmed
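
Added example, not part of the original report or of Percona's code: a small triage routine for innobackupex logs like the one in the bug description, separating the two connection failures and avoiding the false positive caused by the banner that quotes "completed OK!". The function and constant names are hypothetical, and the sample log is constructed from abridged lines of the report.

```python
import re

# Constructed sample: abridged lines from the innobackupex run in the report above.
SAMPLE_LOG = """\
161006 02:52:26 innobackupex: Starting the backup operation

IMPORTANT: Please check that the backup run completes successfully.
           At the end of a successful backup run innobackupex
           prints "completed OK!".

161006 02:52:26 version_check Connecting to MySQL server with DSN 'dbi:mysql:;host=127.0.0.1' as 'shaman' (using password: YES).
Failed to connect to MySQL server: DBI connect(';host=127.0.0.1','shaman',...) failed: Client does not support authentication protocol requested by server; consider upgrading MySQL client at - line 1314
161006 02:52:26 Connecting to MySQL server host: 127.0.0.1, user: shaman, password: set, port: 0, socket: /var/lib/mysql/mysql.sock
Failed to connect to MySQL server: Authentication plugin 'sha256_password' cannot be loaded: /usr/lib/plugin/sha256_password.so: cannot open shared object file: No such file or directory.
"""

FAIL = "Failed to connect to MySQL server: "
PLUGIN_RE = re.compile(r"Authentication plugin '([^']+)' cannot be loaded: (\S+?):")
PROTO_MSG = "Client does not support authentication protocol"


def triage(log):
    """Return (ok, findings) for one innobackupex log (hypothetical helper)."""
    lines = [l.rstrip() for l in log.splitlines() if l.strip()]
    # Success means the *final* line ends with "completed OK!". The banner near
    # the top quotes the same string, so a substring search over the log is wrong.
    ok = bool(lines) and lines[-1].endswith("completed OK!")
    findings, stage = [], "unknown"
    for line in lines:
        if "Connecting to MySQL server" in line:
            # The version_check step (DBI) and the backup connection fail separately.
            stage = "version_check" if "version_check" in line else "backup"
        elif line.startswith(FAIL):
            m = PLUGIN_RE.search(line)
            if m:
                # The client tried to load the plugin from a shared object file.
                kind, plugin, path = "client_plugin_missing", m.group(1), m.group(2)
            elif PROTO_MSG in line:
                kind, plugin, path = "client_protocol_unsupported", None, None
            else:
                kind, plugin, path = "other", None, None
            findings.append({"stage": stage, "kind": kind, "plugin": plugin, "path": path})
    return ok, findings
```
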
Sergei Glushchenko (sergei.glushchenko) wrote :

This bug report is related to bug 1546872, and the patch will fix both of them.

There are two cases when sha256 passwords are allowed:

1. Connection is encrypted with SSL (works both with client built with YaSSL and OpenSSL)
2. Client is built with OpenSSL and server is started with private-key-path/public-key-path specified

Both don't work currently.

The fix will:

1. Allow building xtrabackup with SSL support (with a choice of YaSSL or OpenSSL)
2. Link the sha256 plugin

Changes need to be done in packaging:

1. Make sure RPM and DEB versions build xtrabackup with system OpenSSL
2. Build binary tarball with YaSSL (or provide several versions for different distros) -- to be decided

Sergei Glushchenko (sergei.glushchenko) wrote :
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-766
