Description of problem: RHOSP13 in mariadb with 'Authentication Plugin - SHA-256' support need. Version-Release number of selected component (if applicable): RHOSP13 mariadb ) How reproducible: Red Hat do not support higher version of mariadb with 'Authentication Plugin - SHA-256'. https://mariadb.com/kb/en/library/authentication-plugin-ed25519/ Steps to Reproduce: 1. 2. 3. Actual results: The latest mariadb in RHOSP virsion is 'mariadb-10.1.20-2.el7ost.x86_64.rpm'. Expected results: Need to integrate RHOSP with MariaDB over 10.1.35 to support 'Authentication Plugin - SHA-256'. Additional info: Customer needs is very high about 'Authentication Plugin - SHA256' in mariadb. Not only this customer but also others need it too. Because customer necessary certificate from country to do public services. One of requirement is 'Authentication Plugin - SHA256'.
hi there - the link you refer to is the "ed25519" plugin. Per this document, MariaDB does not support the MySQL SHA-256 plugin: https://mariadb.com/kb/en/library/authentication-plugin-sha-256/ "MariaDB Server does not currently support either of these authentication plugins." Can you clarify which plugin is being requested?
Hi Michael, Thank you for your answer. I have asked to customer and got answer. she said that it is needed used "ed25519" plugin with RHOSP13 to get certificate. Thank you! Regards, YoungCheol.
Quick status update for this RFE. All OpenStack developments for enabling ed25519 in tripleo have been done upstream in ussuri. This work currently depends on two additional developments in external upstream libraries: PyNaCl for the cryptographic dependencies, and PyMySQL for authenticating with mysql with the auth_ed25519 protocol. Currently RDO packages have rpm built with patches backported from those two upstream projects to test the feature. However until now PyNaCl and PyMySQL have not release any official release that contains those developments. As of today, The PyNaCl development has just been published in version 1.4.0 [1]. This should unblock the review of the last development in PyMySQL [2]. [1] https://github.com/pyca/pynacl/issues/573 [2] https://github.com/PyMySQL/PyMySQL/pull/791
(In reply to Damien Ciabrini from comment #19) > This should unblock the review of the last development in PyMySQL [2]. > PyMySQL has merged the support for ed25519 as well. All bits are available upstream for consumption. We now need to backport the necessary bits downstream in RHEL and RHOSP
I am closing this RFE as we will not be able to implement it in any currently scheduled release of OSP. The reason being that we will soon be switching to RHEL9 and part of that involves a greater focus on FIPS compliance. The ed25519 implementation requires PyNaCl, which depends on libsodium and it is not possible to use libsodium in a FIPS compliant system, leaving us with no way to implement this RFE, unfortunately.