This variable was added to support MySQL 8.0 and PHP 7.2, to be able to set it to mysql_native_password. However, PHP 7.4 now supports caching_sha2_password but the default in here is set to the former: https://github.com/artefactual-labs/ansible-percona/blob/master/defaults/main.yml#L55
Since AtoM 2.7 will require PHP 7.4 (and I think that was the only use case for this legacy auth. method), we should consider changing the default to caching_sha2_password, a more secure authentication method, or just remove its default as we're checking that the var is defined before using it: https://github.com/artefactual-labs/ansible-percona/search?q=mysql_default_authentication_plugin
I don't know exactly how this role works when upgrading existing instances, but we should consider how this change could affect those instances where we may need to update existing user passwords:
ALTER USER 'atom'@'localhost' IDENTIFIED WITH caching_sha2_password BY '12345';
I need more time to investigate, but in my first try I changed the plugin on a Percona server already configured with mysql_native_password, and after this change I couldn't add/update more users with the role.
Configuring a server from scratch and using mysql_default_authentication_plugin: "mysql_native_password" works fine.
So I think it is a bit dangerous to set caching_sha2_password as the default value.
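
The following is an added example, not part of the original issue or of the ansible-percona role: before the default is changed, it lists the accounts still on `mysql_native_password` and produces the `ALTER USER` statements each one needs. The sample rows, the `<NEW_PASSWORD>` placeholder and all function names are assumptions made for illustration.

```python
# Added example: constructed sample data, not output from a real server.
# Rows in the shape printed by:
#   mysql -N -B -e "SELECT user, host, plugin FROM mysql.user"
SAMPLE_ROWS = (
    "atom\tlocalhost\tmysql_native_password\n"
    "backup\t10.0.0.%\tmysql_native_password\n"
    "reports\tlocalhost\tcaching_sha2_password\n"
    "root\tlocalhost\tauth_socket\n"
    "mysql.sys\tlocalhost\tmysql_native_password\n"
)

LEGACY = "mysql_native_password"
TARGET = "caching_sha2_password"
# Locked internal accounts created by MySQL 8.0 itself; left untouched.
RESERVED = {"mysql.sys", "mysql.session", "mysql.infoschema"}


def sql_quote(value):
    """Quote a string literal for MySQL (backslash and single quote escaped)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def parse_accounts(text):
    """Yield (user, host, plugin) tuples from tab-separated batch output."""
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 3:
            raise ValueError(f"unexpected row: {line!r}")
        yield tuple(parts)


def migration_plan(text):
    """Return ALTER USER statements for accounts still on the legacy plugin.

    The stored hash cannot be converted between plugins, so each statement
    carries a placeholder where the account's password has to be supplied.
    """
    plan = []
    for user, host, plugin in parse_accounts(text):
        if plugin != LEGACY or user in RESERVED:
            continue  # already migrated, socket-authenticated, or internal
        plan.append(
            f"ALTER USER {sql_quote(user)}@{sql_quote(host)} "
            f"IDENTIFIED WITH {TARGET} BY '<NEW_PASSWORD>';"
        )
    return plan


if __name__ == "__main__":
    print("\n".join(migration_plan(SAMPLE_ROWS)))
```

An empty plan means no account depends on the legacy plugin; any non-empty plan names the accounts whose clients and credentials need attention first.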