Bug 1566219

Summary: MySQL long passwords aren't accepted on the command line when using sha256_password authentication plugin
Product: Red Hat Software Collections
Reporter: Michal Schorm <mschorm>
Component: mysql
Assignee: Michal Schorm <mschorm>
Status: CLOSED EOL
QA Contact: RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe>
Severity: unspecified
Priority: unspecified
Version: rh-mysql57
CC: databases-maint, mmuzila
Target Release: 3.4
Hardware: Unspecified
OS: Unspecified
Last Closed: 2019-12-02 12:19:18 UTC
Type: Bug

Description Michal Schorm 2018-04-11 19:32:41 UTC
When using:

  mysql -u user -pPASSWORD

MySQL server, if the password string provided is longer than 213 characters and set with the sha256_password authentication plugin, will always return:

  ERROR 2000 (HY000): Unknown MySQL error

--

Reproducible on MySQL in RHSCL and Fedora.
MariaDB does not use the sha256_password plugin.
RHEL6 is not affected; sha256_password was added in MySQL 5.6.

Reproducer:



mysql -u root -e "CREATE USER 'user'@'localhost' IDENTIFIED WITH sha256_password;"

mysql -u root -e "SET old_passwords = 2; SET PASSWORD FOR 'user'@'localhost' = PASSWORD('1111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222333333333333333333333333333333333333333333333333334444444444444444444444444444444444444444444444444455555555555555555555555555555555555555555555555555123456');"

# 256 characters long password

mysql -u user -p1111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222333333333333333333333333333333333333333333333333334444444444444444444444444444444444444444444444444455555555555555555555555555555555555555555555555555123456
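
A possible explanation for the 213-character boundary, as an added example that is not part of the original report and is not MySQL code. It assumes the client sends the password plus a trailing NUL byte RSA-encrypted with OAEP (SHA-1) padding under a 2048-bit server key, which leaves room for 256 - 2*20 - 2 = 214 bytes; the report does not confirm this cause, and all function names are hypothetical.

```python
import hashlib
import os

H_LEN = hashlib.sha1().digest_size  # 20 bytes; SHA-1 as the OAEP hash is an assumption


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation (RFC 8017, B.2.1) with SHA-1."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(message: bytes, k: int) -> bytes:
    """EME-OAEP encoding (RFC 8017, 7.1.1) for a k-byte modulus, empty label."""
    if len(message) > k - 2 * H_LEN - 2:
        raise ValueError("message too long")
    seed = os.urandom(H_LEN)
    padding = b"\x00" * (k - len(message) - 2 * H_LEN - 2)
    db = hashlib.sha1(b"").digest() + padding + b"\x01" + message
    masked_db = xor(db, mgf1(seed, k - H_LEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))
    return b"\x00" + masked_seed + masked_db


def max_password_chars(key_bits: int) -> int:
    """Longest single-byte-character password that fits: OAEP capacity minus the NUL."""
    return key_bits // 8 - 2 * H_LEN - 2 - 1


def password_fits(password: str, key_bits: int = 2048) -> bool:
    """True if password + NUL (assumed wire format) can be OAEP-encoded for this key."""
    message = password.encode("utf-8") + b"\x00"
    try:
        return len(oaep_encode(message, key_bits // 8)) == key_bits // 8
    except ValueError:
        return False


if __name__ == "__main__":
    for n in (213, 214, 256):  # constructed passwords of the lengths in the report
        print(n, password_fits("1" * n))
    print("limit for a 2048-bit key:", max_password_chars(2048))
```

Under these assumptions a 213-character password is the longest that can be encoded, which matches the boundary in the description.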

Comment 3 Joe Orton 2019-12-02 12:19:18 UTC
In accordance with the Red Hat Software Collections Product Life Cycle, the support period for this collection has ended.

New bug fix, enhancement, and security errata updates, as well as technical support services will no longer be made available for this collection.

Customers are encouraged to upgrade to a later release.

Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/

Comment 4 Michal Schorm 2020-01-20 00:04:53 UTC
This issue still exists in MySQL 8.0.

However, in MySQL 8.0 the 'sha256_password' authentication plugin has been deprecated in favor of 'caching_sha2_password' and it will be removed in a future MySQL version.

https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/sha256-pluggable-authentication.html