Latest security patch generates MYSQL Warnings 'mysql_native_password' is deprecated


Article ID: 271693


Products

CA API Gateway

Issue/Introduction

The latest security patch generates an error because of the way the SQL users were created. The following message is displayed: "[Warning] [MY-013360] [Server] Plugin mysql_native_password reported: 'mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead". This is caused by the MySQL patch (MySQL 8.0.34, released on 2023-07-18, General Availability), which is part of the "Layer7_API_PlatformUpdate_64bit_v10.X-CentOS-2023-07-25" patch.

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-34.html 

  • The mysql_native_password authentication plugin now is deprecated and subject to removal in a future version of MySQL. CREATE USER, ALTER USER, and SET PASSWORD operations now insert a deprecation warning into the server error log if an account attempts to authenticate using mysql_native_password as an authentication method. (Bug #35336317)

Environment

Release : 10.1

Resolution

The Gateway documentation has been updated with steps to switch MySQL to use "caching_sha2_password" by default:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/install-configure-upgrade/using-mysql-8-0-with-gateway-10.html#caching_sha2_password

Existing users need to be updated in the database, and you need to set their passwords again.

To make this switch, follow these steps:

In the /etc/my.cnf file, update the following parameter and value from:


default-authentication-plugin=mysql_native_password

to

default-authentication-plugin=caching_sha2_password

To ensure that existing Gateway MySQL users are assigned the caching_sha2_password authentication plugin, use the ALTER USER command.

For example:

ALTER USER 'someuser'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'somepassword';

Restart the MySQL database and Gateway for the changes to take effect.
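To find which accounts still need the ALTER USER step, and to confirm the result afterwards, the queries below can be run as a MySQL administrative user. This is an added example, not part of the Broadcom documentation; 'someuser'@'localhost' is the placeholder account from the ALTER USER example above.

```sql
-- 1. Inventory: how many accounts use each authentication plugin.
SELECT plugin, COUNT(*) AS accounts
FROM mysql.user
GROUP BY plugin;

-- 2. Accounts still on the deprecated plugin. Each row listed here
--    needs its own ALTER USER ... IDENTIFIED WITH caching_sha2_password
--    and a password reset, as described in the steps above.
SELECT user, host, plugin, account_locked, password_last_changed
FROM mysql.user
WHERE plugin = 'mysql_native_password'
ORDER BY user, host;

-- 3. After the my.cnf change and restart: confirm the server default
--    that will apply to newly created accounts.
SHOW VARIABLES LIKE 'default_authentication_plugin';

-- 4. After ALTER USER: confirm the placeholder account was switched.
--    The plugin column should now read caching_sha2_password.
SELECT user, host, plugin, password_last_changed
FROM mysql.user
WHERE user = 'someuser' AND host = 'localhost';
```

When query 2 returns no rows, no account on the server is still assigned mysql_native_password.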

As a temporary solution, you can suppress the warning message in mysqld.log.

Edit /etc/my.cnf and add the line below under the [mysqld] section:

log_error_suppression_list='MY-013360'

An example of how it should look after the change:

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=869174982893

Then restart the MySQL service to allow the new settings to take effect.