zettadb / kunlun

KunlunBase is a distributed relational database management system (RDBMS) with complete NewSQL capabilities and robust transaction ACID guarantees, and it is compatible with standard SQL. Applications which used PostgreSQL or MySQL can work with KunlunBase as-is without any code change or rebuild because KunlunBase supports both PostgreSQL and MySQL connection protocols and DML SQL grammars. MySQL DBAs can quickly work on a KunlunBase cluster because we use MySQL as storage nodes of KunlunBase. KunlunBase can elastically scale out as needed and guarantees transaction ACID under error conditions. KunlunBase fully passes the TPC-C, TPC-H and TPC-DS test suites, so it supports not only OLTP workloads but also OLAP workloads. Application developers can use KunlunBase to build IT systems that handle terabytes of data, without any effort on their part to implement data sharding, distributed transaction processing, distributed query processing, crash safety, high availability, strong consistency, or horizontal scalability. All these powerful features are provided by KunlunBase. KunlunBase supports powerful and user-friendly cluster management, monitoring and provisioning features, and can be readily used as DBaaS.
http://www.kunlunbase.com
Apache License 2.0

Fix the MySQL protocol password verification issue #773

Open jd-zhang opened 2 years ago

jd-zhang commented 2 years ago

Issue migrated from trac ticket # 832

component: computing nodes | priority: major

2022-06-17 11:46:41: smith created the issue


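** Background

The mysql protocol uses mysql native password, which is not consistent with postgres's native password authentication mechanism:

1. On the server side, the input to the pg authentication algorithm is md5(username, password), or "SCRAM-SHA-256";
2. On the server side, the input to the mysql authentication algorithm is sha1(sha1(password));

** Problem

In mysql mode, (1) was mistakenly used as the input parameter of the authentication algorithm, which caused an error.

** Solution

1. Password storage

The rolpassword field of the system table pg_authid stores the user's encrypted password, but this field can only be used as the input parameter of the pg authentication algorithm.
To support mysql native authentication, the value of sha1(sha1(password)) also needs to be added, with "$N:" as the separator, for example:
"md592c074ab9a9001858fc1d5ff13c57b10$N:*00D746AD2A964EB21500C96749BD064935225009"

2. Password extraction

Using "$N:" as the separator, extract the input information required by the authentication algorithm in pg mode and in mysql mode respectively.

3. Other:

pg_dump: ensure that passwords can be imported and exported without problems;
DDL replication: passwords set by users can be successfully synchronized to the other computing nodes.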
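
The storage and extraction steps described above, as an added example that is not part of the original issue and is not KunlunBase's code: it builds the combined value, splits it on "$N:", and checks a mysql_native_password response against the extracted part only. The function names and sample credentials are assumptions; the md5 input order follows PostgreSQL's md5(password || username).

```python
import hashlib
import hmac

SEP = "$N:"  # separator named in the issue

def pg_md5_verifier(user: str, password: str) -> str:
    # PostgreSQL md5 format: "md5" + hex(md5(password || username))
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def mysql_native_verifier(password: str) -> str:
    # mysql_native_password format: "*" + upper-hex(sha1(sha1(password)))
    stage1 = hashlib.sha1(password.encode()).digest()
    return "*" + hashlib.sha1(stage1).hexdigest().upper()

def build_rolpassword(user: str, password: str) -> str:
    # Combined value as proposed in the issue: <pg part>$N:<mysql part>
    return pg_md5_verifier(user, password) + SEP + mysql_native_verifier(password)

def split_rolpassword(stored: str):
    """Return (pg_part, mysql_part); mysql_part is None if absent or malformed."""
    pg_part, sep, my_part = stored.partition(SEP)
    if not sep or len(my_part) != 41 or not my_part.startswith("*"):
        return pg_part, None
    try:
        bytes.fromhex(my_part[1:])
    except ValueError:
        return pg_part, None
    return pg_part, my_part

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def client_scramble(password: str, nonce: bytes) -> bytes:
    # What a MySQL client sends: sha1(pw) XOR sha1(nonce + sha1(sha1(pw)))
    s1 = hashlib.sha1(password.encode()).digest()
    return xor(s1, hashlib.sha1(nonce + hashlib.sha1(s1).digest()).digest())

def mysql_auth_ok(stored: str, nonce: bytes, token: bytes) -> bool:
    _, my_part = split_rolpassword(stored)
    if my_part is None or len(token) != 20:
        return False  # no mysql part: reject, never fall back to the pg value
    h2 = bytes.fromhex(my_part[1:])
    s1 = xor(token, hashlib.sha1(nonce + h2).digest())  # recovers sha1(pw)
    return hmac.compare_digest(hashlib.sha1(s1).digest(), h2)
```

A role whose stored value has no "$N:" part (for example a SCRAM-SHA-256 or md5-only entry) is rejected for mysql-protocol logins here instead of being checked against the pg value.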
jd-zhang commented 2 years ago

2022-06-17 11:46:49: smith edited the issue description

jd-zhang commented 2 years ago

2022-06-17 11:46:49: smith changed owner from david to smith

jd-zhang commented 2 years ago

2022-06-17 11:46:49: smith changed status from new to accepted