南大通用GBase 8a数据库支持sha256用户密码加密的功能gbase_caching_sha2_password

发表于 作者 laozizhu

GBase 8a数据库,在新的版本里开始支持sha256的用户密码加密,其参数为gbase_caching_sha2_password。周边客户端在使用这个用户时需要配套的支持sha256的客户端。包括 jdbc, odbc, c API. ado.net等开发接口。

参数

gbase_caching_sha2_password=0

0,不开启 默认值
1, 开启,之后创建用户和设置密码时,会用sha256进行加密

修改方式

只需要修改每个gcluster的配置。一般全新安装的会自动增加该参数,默认是0

vi /opt/gcluster/config/gbase_8a_gcluster.cnf

在其中修改或增加参数

max_connections = 10000
max_connect_errors=1000000
max_allowed_packet = 64M
net_write_timeout = 1000000
net_read_timeout = 1000000
connect_timeout = 1000000
interactive_timeout  =1000000
wait_timeout = 1000000
open_files_limit = 65535

gbase_caching_sha2_password=1

gbase_express_log = 1

gcluster_connect_net_read_timeout  =  1000000
gcluster_connect_net_write_timeout =  1000000
gcluster_connect_timeout = 1000000
gcluster_wait_query_cancel_timeout = 200

样例

如下创建了一个abc用户,从gbase.user的元数据表里可以看到其密码长度和老的sha1不同,为65位,老的是41位。

gbase> show variables like '%sha%';
+-----------------------------+-------+
| Variable_name               | Value |
+-----------------------------+-------+
| _gbase_gns_share_connection | 1     |
| gbase_caching_sha2_password | ON    |
+-----------------------------+-------+
2 rows in set (Elapsed: 00:00:00.00)

gbase> create user abc ;
Query OK, 0 rows affected (Elapsed: 00:00:00.01)

gbase> grant all on testdb.* to abc identified by 'abc';
Query OK, 0 rows affected (Elapsed: 00:00:00.00)

gbase> select * from gbase.user;
+--------------------------------------------------------------+------------------+-------------------------------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+----------+--------------+---------------+----------------+---------------+-------------------------+-------------------+------+
| Host                                                         | User             | Password                                                          | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | max_cpus | max_memories | max_tmp_space | resource_group | task_priority | user_limit_storage_size | user_storage_size | UID  |
+--------------------------------------------------------------+------------------+-------------------------------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+----------+--------------+---------------+----------------+---------------+-------------------------+-------------------+------+
| %                                                            | root             |                                                                   | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            |          |            |             |              |             0 |           0 |               0 |                    0 |        0 |            0 |             0 |              0 |             2 |                         |                 0 |    1 |
| %                                                            | gbase            | *9C0ADBD7F08FA9D49D82760B104110C55B943B8D                         | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            |          |            |             |              |             0 |           0 |               0 |                    0 |        0 |            0 |             0 |              0 |             2 |                         |                 0 |    2 |
| %                                                            | abc              | *4F8B42C22DD3729B519BA6F68D2DA7CC5B2D606D05DAED5AD5128CC03E6C6358 | N           | N           | N           | N           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          | N            | N          | N                     | N                | N            | N               | N                | N                | N              | N                   | N                  | N                | N          | N            |          |            |             |              |             0 |           0 |               0 |                    0 |        0 |            0 |             0 |              0 |             2 |                         |                 0 | 2049 |
+--------------------------------------------------------------+------------------+-------------------------------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+----------+--------------+---------------+----------------+---------------+-------------------------+-------------------+------+
3 rows in set (Elapsed: 00:00:00.00)

涉及的元数据表

password字段从varchar(41)变成varchar(65)

gbase.db_links

gbase.userg

base.password_history

参考

GBase 8a数据库JDBC连接报错 Got packets out of order
Post Views: 681

相关文章:

  1. 南大通用GBase 8a集群数据库用户密码策略功能
  2. 南大通用GBase 8a集群数据库用户密码长度限制
  3. 南大通用GBase 8a数据库登录最大登录错误次数 login_attempt_max。账号锁定lock和手工unlokc解锁
  4. 南大通用GBase 8a故障排查:密码重用安全策略导致DataState不一致且无法自动恢复
  5. 南大通用GBase 8a集群SSL配置-集群配置部分
  6. 南大通用GBase 8a集群打补丁时需要关闭文件检查功能的参数skip_file_check
  7. 南大通用GBase 8a数据库集群_gbase_dc_window_size参数
  8. 南大通用GBase 8a数据库设置修改参数的方法
  9. 南大通用GBase 8a 参数文章汇总
  10. 南大通用GBase 8a递归查询Start with connect by 报错 Restrict: Connect by clause must be used with table not deleted