Skip to content
Blame Permalink
  • bharathy's avatar
    8a7b6b9e
    WL#6409: deprecate PASSWORD() and extend ALTER USER syntax to manage · 8a7b6b9e
    bharathy authored 
             authentication attributes.

This WL implements the following:
  1. Separation of authentication from authorization. GRANT statement
     deals with both authorization and authentication. This WL deprecates
     the authentication part from GRANT statement by throwing a warning.
  2. CREATE/ALTER USER statements will be used to provide authentication
     details associated with a user. GRANT statement when used to create
     users will throw a deprecated warning.
  3. PASSWORD() function is removed from SET PASSWORD sytax.
  4. Authentication plugin is extended to add 2 new APIs which will generate
     and validate password hash without depending on old_password variable anymore.
  5. New system variable to ensure backward compatibility when user management
     queries are rewritten to logs (slow/general/audit/binary logs).
  6. New Plugin services to validate/calculate_strength/set_salt for
     the credentials.
  7. ALTER USER statement is extended to provide authentication/SSL/connection
     attributes.
  8. SHOW CREATE USER <user>
  9. Password column is removed from mysql.user table and authentication_string
     column will be the new password store for any users created.
  10.Deprecate NO_AUTO_CREATE_USER sql mode.
  11.Script to downgrade as requested by sys QA.
    8a7b6b9e
    WL#6409: deprecate PASSWORD() and extend ALTER USER syntax to manage
    bharathy authored 
             authentication attributes.

This WL implements the following:
  1. Separation of authentication from authorization. GRANT statement
     deals with both authorization and authentication. This WL deprecates
     the authentication part from GRANT statement by throwing a warning.
  2. CREATE/ALTER USER statements will be used to provide authentication
     details associated with a user. GRANT statement when used to create
     users will throw a deprecated warning.
  3. PASSWORD() function is removed from SET PASSWORD sytax.
  4. Authentication plugin is extended to add 2 new APIs which will generate
     and validate password hash without depending on old_password variable anymore.
  5. New system variable to ensure backward compatibility when user management
     queries are rewritten to logs (slow/general/audit/binary logs).
  6. New Plugin services to validate/calculate_strength/set_salt for
     the credentials.
  7. ALTER USER statement is extended to provide authentication/SSL/connection
     attributes.
  8. SHOW CREATE USER <user>
  9. Password column is removed from mysql.user table and authentication_string
     column will be the new password store for any users created.
  10.Deprecate NO_AUTO_CREATE_USER sql mode.
  11.Script to downgrade as requested by sys QA.