Bug 1687309
Summary: | [RFE]RHOSPin mariadb with 'Authentication Plugin - ed25519' support need. | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | youngcheol <yocha> |
Component: | mariadb | Assignee: | Damien Ciabrini <dciabrin> |
Status: | CLOSED CANTFIX | QA Contact: | pkomarov |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 16.0 (Train) | CC: | aherr, chjones, dciabrin, ealcaniz, mbayer, mburns, michele, mvalsecc, sputhenp |
Target Milestone: | --- | Keywords: | FutureFeature, Triaged |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-04-12 14:14:52 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1820628 | ||
Bug Blocks: |
Description
youngcheol
2019-03-11 08:58:26 UTC
hi there - the link you refer to is the "ed25519" plugin. Per this document, MariaDB does not support the MySQL SHA-256 plugin: https://mariadb.com/kb/en/library/authentication-plugin-sha-256/ "MariaDB Server does not currently support either of these authentication plugins." Can you clarify which plugin is being requested? Hi Michael, Thank you for your answer. I have asked to customer and got answer. she said that it is needed used "ed25519" plugin with RHOSP13 to get certificate. Thank you! Regards, YoungCheol. Quick status update for this RFE. All OpenStack developments for enabling ed25519 in tripleo have been done upstream in ussuri. This work currently depends on two additional developments in external upstream libraries: PyNaCl for the cryptographic dependencies, and PyMySQL for authenticating with mysql with the auth_ed25519 protocol. Currently RDO packages have rpm built with patches backported from those two upstream projects to test the feature. However until now PyNaCl and PyMySQL have not release any official release that contains those developments. As of today, The PyNaCl development has just been published in version 1.4.0 [1]. This should unblock the review of the last development in PyMySQL [2]. [1] https://github.com/pyca/pynacl/issues/573 [2] https://github.com/PyMySQL/PyMySQL/pull/791 (In reply to Damien Ciabrini from comment #19) > This should unblock the review of the last development in PyMySQL [2]. > PyMySQL has merged the support for ed25519 as well. All bits are available upstream for consumption. We now need to backport the necessary bits downstream in RHEL and RHOSP I am closing this RFE as we will not be able to implement it in any currently scheduled release of OSP. The reason being that we will soon be switching to RHEL9 and part of that involves a greater focus on FIPS compliance. The ed25519 implementation requires PyNaCl, which depends on libsodium and it is not possible to use libsodium in a FIPS compliant system, leaving us with no way to implement this RFE, unfortunately. |