Bug 1025856

Summary: incorrect passwords can connect after change_mysql_password is run
Product: OpenShift Online Reporter: Paul Morie <pmorie>
Component: ContainersAssignee: Paul Morie <pmorie>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.xCC: bmeng, chunchen
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-24 03:28:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Paul Morie 2013-11-01 18:31:41 UTC
While preparing to run the change_mysql_password script in production, ops found that users with incorrect passwords could connect after the script was run.  The correct behavior is for the password to be reset if it has been changed and invalid passwords to be rejected.

Comment 1 Paul Morie 2013-11-01 21:06:58 UTC
Additionally, this tool should reset the password to the value in the env, not generate a new value.

Comment 2 openshift-github-bot 2013-11-01 21:07:21 UTC
Commits pushed to master at https://github.com/openshift/li

https://github.com/openshift/li/commit/2df67cefc9d742fac60eef0c63613db56f61ab84
Fix bug 1025856
Signed-off-by: Stefanie Forrester <sedgar>

https://github.com/openshift/li/commit/e4b7356536f133c784b196cfc9bf1b2687b5475f
Fix bug 1025856: reset to password in env instead of generating new password

Comment 3 Meng Bo 2013-11-04 05:36:27 UTC
Checked on devenv-stage_549,

Git clone the li-repo to get the latest script.

Change mysql password for my app,
Reset the password with the script change_mysql_password
The script finished with successful.

And after password reset, trying to connect to the db with incorrect password, it cannot be accessed.

\> mysql -uadminagNuJah -predhat -h127.1.244.2 app1
ERROR 1045 (28000): Access denied for user 'adminagNuJah'@'127.1.244.2' (using password: YES)

And can be connected with correct password.

\> mysql -uadminagNuJah -pPhvIZiYPnYZV -h127.1.244.2 app1
Welcome to the MySQL monitor.  Commands end with ; or \g.