Majic Projects ~ [CLOSED] MAR-168 - Mandate use of unix socket authentication for the root user in database

Majic Projects

Majic Ansible Roles

Projects
Wiki
- Quick links
- Wiki
- Project wikis
- Conntrackt
- Django Pydenticon
- Gimmecert
- Majic Ansible Roles
- Pydenticon
- Scripts
- Global content

Majic Ansible Roles / Closed Enhancement MAR-168 Mandate use of unix socket authentication for the root user in database_server role

This issue has been closed with status "Closed" and resolution "RESOLVED".

- No additional actions available

Issue basics

Type of issue

Enhancement Unknown issue type
Issue label

No label set
Category

Security Not determined
Targetted for

5.0.0 Not determined
Status

Closed

Status not determined
Progress
Priority

Not determined

Affected by this issue (0)

There are no items

People involved

Posted by
branko (@branko)

Branko Majic
@branko

Last seen online at Apr 24, 2024 - 20:11

Show user details
Owned by

Not owned by anyone
Assigned to
branko (@branko)

Branko Majic
@branko

Last seen online at Apr 24, 2024 - 20:11

Show user details
Not assigned to anyone
Subscribers

0 subscriber(s)

Click here to show the list of subscribers

Times and dates

Posted at

Oct 04, 2020
Last updated

Dec 23, 2020
Estimated time

3 hours Not estimated
Time spent

5 hours No time spent

Click here to see time logged against this issue

Issue details

Resolution

RESOLVED Not determined
Reproducability

Not determined
Severity

Not determined

Attachments (0)

There is nothing attached to this issue

Child issues (0)

This issue does not have any child issues

Duplicate issues (0)

This issue does not have any duplicates

Show / hide more details »

Description

The database_server role currently uses password-based authentication for the root user, limiting authentication to localhost. Since the database_server is only ever used from the same server, though, it would be beneficial to get rid of password-based authentication for the root user, and to rely on the unix socket authentication instead.

This would both reduce number of passwords used, as well as make the root database user logins safer (since it would prevent other processes from logging-in as root user provided they can guess the password).

The following should be done:

Update the database_server role.
- Drop the db_root_password parameter.
- Switch to using the unix socket authentication for the root user.
- Make sure the user is set-up correctly and that the root user cannot login without providing any kind of credentials/authentication.
- There is also a TODO entry in the role tasks that should be taken care of.
Update tests. Pay attention to tests for roles that use the database_server role directly/indirectly.
Update test site configuration.
Update usage instructions.
Update role reference.
Update release notes.

Todos (0 / 0)

Options

There are no comments

Welcome to The Bug Genie

Log in with your username and password