Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication and authorization: WIP points #2844

Open
tomatolog opened this issue Dec 12, 2024 · 3 comments
Open

Authentication and authorization: WIP points #2844

tomatolog opened this issue Dec 12, 2024 · 3 comments
Labels

Comments

@tomatolog
Copy link
Contributor

tomatolog commented Dec 12, 2024

here is a list of points left at the wip_auth branch:

  • auth_user_file location
  • mysql mysql_native_password deprecated \ removed
  • buddy auth skip
@tomatolog tomatolog added the bug label Dec 12, 2024
@tomatolog
Copy link
Contributor Author

auth_user_file location

auth_user_file now loads as is, ie without check of the relative or absolute file path. It could be better to know it location is inside the data_dir for the RT mode and has an absolute file path for plain mode.

This way for the RT mode it could be better to use only flag to enable auth and if the flag is set the auth_user_file internally should be set into data_dir/.htpasswd

@tomatolog
Copy link
Contributor Author

tomatolog commented Dec 12, 2024

mysql_native_password

The SphinxQL implementation of the basic auth uses code compatible with the mysql_native_password plugin. But that authentication plugin is deprecated as of MySQL 8.0.34, disabled by default in MySQL 8.4, and removed as of MySQL 9.

Need to think should we use of that authentication schema or implement the new default caching_sha2_password. The flow for that new default caching_sha2_authentication_exchanges

@tomatolog
Copy link
Contributor Author

buddy auth skip

I disabled all the authentication check for buddy requests as otherwise buddy fails to connect into daemon. The check of the buddy request is done via HTTP header field User-agent: Manticore Buddy and should be fixed with the following point from the #2748 (comment)

The issue at the Buddy repository is manticoresoftware/manticoresearch-buddy#418

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant