Comments - Installing an authentication plugin in existing MariaDB container

1 year, 9 months ago abhishek singh

Thanks Daniel

As per the blog, --plugin-load-add is being used with the "docker run" command. The container in my case is already up and running. Also, are there any limitations in terms of MariaDB version for plugin support? For example, I want to add "ed25519" auth plugin to the MariaDB 10.1 container Is that possible or there are any challenges with respect to it?

Also, could you please point me to any reference implementation for the "ed25519" authentication mechanism for MariaDB? I intend replace the existing native authentication based on SHA1Hash with the "ed25519" authentication mechanism

 
1 year, 9 months ago Daniel Black

from: ed25519:

INSTALL SONAME 'auth_ed25519';

This plugin was made before 10.1.

"I intend replace the existing native authentication" - not required, the server advertises to the client the authentication mechanism, the connector C++ loads the client plugin and continues.

https://github.com/mariadb-corporation/mariadb-connector-c/blob/3.3/plugins/auth/ed25519.c implements the client side implementing the client side to the server authentication protocol.

 
1 year, 9 months ago abhishek singh

INSTALL SONAME 'auth_ed25519';

But I don't see the "auth_ed25519.so" under the path /usr/lib/mysql/plugin/ for this particular container. Can I get it from any of the packages? Or can I simply copy it from a source and place it under this path?

I intend replace the existing native authentication - I am actually looking to replace SHA1Hash by ed25519 as it is more secure compared to the latter it seems

 
1 year, 9 months ago abhishek singh

Just to clarify, I am not using the MariaDB connector but it's my own C++ implementation of the same. So I am not using the client libraries which we nornally get as part of the original MariaDB connector.

 
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.