Introduce login_user and login_password for user and database creation #43
Conversation
|
Hi @szEvEz! Can you describe why you think that this is necessary? Also, as you can see, this role is tested with the molecule framework, if we introduce this new feature, I would like to add a test for it. Do you have any suggestion? |
|
Hi @fauust, if I set the root users password and disallow socket_authentication, I need to be able to pass username and password for user and database creation. I can have a look at writing a test for it! |
|
Ok, rephrasing: why won't you use the socket authentication? I am just curious about the use case since it seems really not practical to me (in the context of Ansible deployment). (There might be an excellent reason that I am no aware of)... |
|
Ah, got it! From my point of view this is a security concern. I want to set a password for the root user and disallow socket_authentication because I do not want passwordless authentication for the root user. There were also some comments on this here
Some weaknesses using this mechanism are documented here as well. With the arguments I've introduced, the end-user can still chose which path to go, which from my perspective is pretty neat - what do you think? |
|
Ok, so, I am in favor of giving as much flexibility to users but I am wondering if there is not a miss-understanding of what unix_socket authentication is. Am I understanding correctly that in your setup the root user can't read (or write) the MariaDB data directory ( If that's the case then I understand your point and I am curious of some pointers about how you achieve that (encryption-at-rest ?). |
No description provided.