Bug 1025856 - incorrect passwords can connect after change_mysql_password is run
incorrect passwords can connect after change_mysql_password is run
Status: CLOSED CURRENTRELEASE
Product: OpenShift Online
Classification: Red Hat
Component: Containers (Show other bugs)
2.x
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Paul Morie
libra bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-01 14:31 EDT by Paul Morie
Modified: 2015-05-14 19:32 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-23 22:28:33 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul Morie 2013-11-01 14:31:41 EDT
While preparing to run the change_mysql_password script in production, ops found that users with incorrect passwords could connect after the script was run.  The correct behavior is for the password to be reset if it has been changed and invalid passwords to be rejected.
Comment 1 Paul Morie 2013-11-01 17:06:58 EDT
Additionally, this tool should reset the password to the value in the env, not generate a new value.
Comment 2 openshift-github-bot 2013-11-01 17:07:21 EDT
Commits pushed to master at https://github.com/openshift/li

https://github.com/openshift/li/commit/2df67cefc9d742fac60eef0c63613db56f61ab84
Fix bug 1025856
Signed-off-by: Stefanie Forrester <sedgar@redhat.com>

https://github.com/openshift/li/commit/e4b7356536f133c784b196cfc9bf1b2687b5475f
Fix bug 1025856: reset to password in env instead of generating new password
Comment 3 Meng Bo 2013-11-04 00:36:27 EST
Checked on devenv-stage_549,

Git clone the li-repo to get the latest script.

Change mysql password for my app,
Reset the password with the script change_mysql_password
The script finished with successful.

And after password reset, trying to connect to the db with incorrect password, it cannot be accessed.

\> mysql -uadminagNuJah -predhat -h127.1.244.2 app1
ERROR 1045 (28000): Access denied for user 'adminagNuJah'@'127.1.244.2' (using password: YES)

And can be connected with correct password.

\> mysql -uadminagNuJah -pPhvIZiYPnYZV -h127.1.244.2 app1
Welcome to the MySQL monitor.  Commands end with ; or \g.

Note You need to log in before you can comment on or make changes to this bug.