Percona server exits after a Kerberos password change after the password has expired.
General
Escalation
General
Escalation
Description
Environment
None
AFFECTED CS IDs
268949
Attachments
3
Smart Checklist
Activity
Show:
George Lorch November 6, 2019 at 2:42 PM
I reviewed and merged these. Thank you for the quick patch!
Done
Details
Details
Assignee
Sergei GlushchenkoReporter
Jaime SicamLabels
Fix versions
Affects versions
Priority
MediumSmart Checklist
Open Smart Checklist
Smart Checklist
Open Smart Checklist
Created October 24, 2019 at 8:46 AM
Updated March 6, 2024 at 11:47 AM
Resolved November 6, 2019 at 2:42 PM
If pam_krb5 is configured to allow user to change password and if it's expired, Percona Server will crash after receiving the new password:
PAM configuration/etc/pam.d/mysqld)
The environment to setup Kerberos and PS 57 is attached to this ticket. You can review the deployment from deploy_kerberos file. You will need to create a kerberos user when you've logged in. Instructions are provided below:
Extract 268949.zip and cd to that directory. Start the instance by running "vagrant up". Once started, connect to the instance by running "vagrant ssh". Then run these commands on the sandbox:
Run kadmin.local and create a user called user2 and provide a password:
On the same session, expire the password and then quit:
Sudo to user2. This has been previously created in deploy script. Next, login to mysql as user2. Provide the password you've entered on Step 1. When you are prompted to enter a new Kerberos password, MySQL will crash:
If needed, core file will be generated in /tmp/corefiles directory.
The workaround would be to disallow resetting the password from PAM which is passing the parameter chpw_prompt=false in /etc/pam.d/mysqld