Cannot configure mysql auth_plugin to use when using MYSQL_PASSWORD environment variable #1039

Closed
Zardozz opened this issue Mar 29, 2024 · 3 comments

Zardozz commented Mar 29, 2024

When using the MYSQL_USER, MYSQL_PASSWORD Environment Variables to cause the docker-entrypoint.sh script to set up an initial database user, you cannot specify which auth_plugin to use and thus the user is set up with the default auth_plugin (caching_sha2_password), which might not be suitable for your use.

The user creation command as defined in https://dev.mysql.com/doc/refman/8.0/en/create-user.html allows you to specify the auth_plugin to use when creating a user.

Thus I suggest that docker_setup_db() of docker-entrypoint.sh script check for an additional Environment Variable like MYSQL_PASSWORD_PLUGIN

And then

```
docker_process_sql --database=mysql <<<"CREATE USER '$MYSQL_USER'@'%' IDENTIFIED WITH '$MYSQL_PASSWORD_PLUGIN' BY '$MYSQL_PASSWORD' ;"
```

Then you could use other plugins like "mysql_native_password" if required.

@LaurentGoderre
Member

#1048 has more details on this

Author

Zardozz commented May 7, 2024

While a native password plugin was one of the drivers for this request, there are many other plugins listed in the docs https://dev.mysql.com/doc/refman/8.0/en/authentication-plugins.html and I thought it might be useful to be able to select others as well.

Member

yosifkit commented May 7, 2024

As far as I can tell, the mysql-community-server-minimal-8.4 package that we install doesn't include many auth plugins. There are authentication_*.so files, but they seem to be for client, not server.

```
docker run -it --rm mysql:8.4 bash
bash-5.1# ls -l /usr/lib64/mysql/plugin/
total 19016
-rwxr-xr-x 1 root root   31016 Apr 10 08:21 adt_null.so
-rwxr-xr-x 1 root root   15752 Apr 10 08:21 auth_socket.so
-rwxr-xr-x 1 root root 6659264 Apr 10 08:21 authentication_kerberos_client.so
-rwxr-xr-x 1 root root   70552 Apr 10 08:21 authentication_ldap_sasl_client.so
-rwxr-xr-x 1 root root  173472 Apr 10 08:21 authentication_oci_client.so
-rwxr-xr-x 1 root root 6638904 Apr 10 08:21 authentication_webauthn_client.so
-rwxr-xr-x 1 root root   24592 Apr 10 08:21 component_audit_api_message_emit.so
...
```

We don't currently want to add more env vars as the entrypoint script is already very complex. If you need more complex user setup, then a .sql or .sh script in /docker-entrypoint-initdb.d/ is the best answer.
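
The init-script route recommended in the last comment, sketched as an added example (not code from this issue or from the image's maintainers): a `.sh` file for `/docker-entrypoint-initdb.d/` that switches the already-created `MYSQL_USER` to a chosen plugin while validating the plugin name and escaping the credentials before they reach SQL. The file name, the helper function names, the use of `MYSQL_PASSWORD_PLUGIN` and the assumption that the file is sourced by the entrypoint (so `docker_process_sql` is in scope) are assumptions of this sketch.

```shell
# Hypothetical file: /docker-entrypoint-initdb.d/10-auth-plugin.sh
# Assumption: the file is not marked executable, so the entrypoint sources
# it and docker_process_sql is in scope. MYSQL_PASSWORD_PLUGIN is read only
# by this script; the image itself does not recognise it.

# Accept only a bare identifier as plugin name, so the value cannot carry
# quotes, spaces or statement separators into the SQL text.
is_valid_plugin_name() {
	case "$1" in
		'' | *[!A-Za-z0-9_]*) return 1 ;;
	esac
	return 0
}

# Escape a value for use inside a single-quoted MySQL string literal:
# double every backslash first, then double every single quote.
sql_escape() {
	printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# build_alter_user_sql USER PASSWORD PLUGIN
# Prints the statement on stdout; fails without output on a bad plugin name.
build_alter_user_sql() {
	if ! is_valid_plugin_name "$3"; then
		echo "refusing auth plugin name: not a plain identifier" >&2
		return 1
	fi
	printf "ALTER USER '%s'@'%%' IDENTIFIED WITH %s BY '%s';\n" \
		"$(sql_escape "$1")" "$3" "$(sql_escape "$2")"
}

# Runs only inside the entrypoint and only when all three variables are set.
# The user was created with the default plugin from MYSQL_USER and
# MYSQL_PASSWORD before init files run, hence ALTER USER, not CREATE USER.
if command -v docker_process_sql >/dev/null 2>&1 \
	&& [ -n "${MYSQL_USER:-}" ] && [ -n "${MYSQL_PASSWORD:-}" ] \
	&& [ -n "${MYSQL_PASSWORD_PLUGIN:-}" ]; then
	sql=$(build_alter_user_sql "$MYSQL_USER" "$MYSQL_PASSWORD" \
		"$MYSQL_PASSWORD_PLUGIN") || exit 1
	# The statement goes over stdin, so the password never appears in argv.
	printf '%s\n' "$sql" | docker_process_sql --database=mysql
fi
```

Files in `/docker-entrypoint-initdb.d/` are processed only when the data directory is first initialised, and the chosen plugin still has to be one the server in the image can load.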
