Forum / Remote Desktop Manager - Feature Request

AWS Aurora with integrated IAM authentication

  • Create an Issue
  • Cancel

Dear,

we are using RDM using an AWS Aurora as a datasource.

AWS aurora is based on MySQL but allows for far more scalability (across availability zones) with 1 click. The serverless design can reduce costs greatly.

We were planning to authenticate to Aurora MySQL using IAM users, these are user accounts which are created to access AWS. This is possible, however, the client needs to be aware of this:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.html

In fact, you provide your IAM user and password, which generates a token, which will be used for the connection.

This is not possible at the moment, with RDM (latest version). It gives the following error:

MySql.Data.MySqlClient.MySqlException (0x80004005): Authentication method 'mysql_clear_password' not supported by any of the available plugins.
at MySql.Data.MySqlClient.Authentication.AuthenticationPluginManager.GetPlugin(String method)
at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.GetPlugin(String method, NativeDriver driver, Byte[] authData)
at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.HandleAuthChange(MySqlPacket packet)
at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.Authenticate(Boolean reset)
at MySql.Data.MySqlClient.NativeDriver.Open()
at MySql.Data.MySqlClient.Driver.Open()
at MySql.Data.MySqlClient.Driver.Create(MySqlConnectionStringBuilder settings)
at MySql.Data.MySqlClient.MySqlPool.CreateNewPooledConnection()
at MySql.Data.MySqlClient.MySqlPool.GetPooledConnection()
at MySql.Data.MySqlClient.MySqlPool.TryToGetDriver()
at MySql.Data.MySqlClient.MySqlPool.GetConnection()
at MySql.Data.MySqlClient.MySqlConnection.Open()
at Devolutions.RemoteDesktopManager.Business.MySQLHelper.OpenConnectionSafe(IDbConnection dbConnection)
at Devolutions.RemoteDesktopManager.Business.MySQLHelper.NewConnectionSafe(String connectionString, Int32 retryCount)
at Devolutions.RemoteDesktopManager.Business.DataSources.MySQLConnectionDataSource.CreateDbConnection(String connectionString)
at Devolutions.RemoteDesktopManager.Business.DataSources.DatabaseConnectionDataSource.CreateDbConnection(Int32 connectTimeout, Boolean master)
at Devolutions.RemoteDesktopManager.Business.DataSources.DatabaseConnectionDataSource.GetData(String sql, IDbDataParameter[] parameters)
at Devolutions.RemoteDesktopManager.Business.DataSources.DatabaseConnectionDataSource.GetDataSourceSettings()
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.c29fbd34504079a3525ca4c390d5d4074(BaseConnectionDataSource c7f28727fc7a5daa94ba08f688b2a5781)
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.ca4799bebd8b706f34eea94a778843b55(BaseConnectionDataSource c7f28727fc7a5daa94ba08f688b2a5781, Boolean cfe205b02d73750f8fd14d199343fe545)
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.LoadConnections(BaseConnectionDataSource dataSource, ConnectionEngine currentEngine)

Is this possible at this moment?
Will it be possible in the future?

Thanks in advance

Regards

2018-12-14 11_05_59-Remote Desktop Manager [Dashboard].png
Clock2 mths

Hello Stefan,

We have a similar situation with another customer who tried to connect RDM to MySQL with PAM users. Both of you receive the error " 'mysql_clear_password' not supported.” After few Google search, I found that Clear-Text plugin is not installed by default on AWS Aurora and MySQL PAM servers.

Could you enable this plugin on the server? If not, could you give us details about how you connect with MySQL Workbench.

Have you a specific feature enable, like SslMode set to "True" ?

Best regards,



David Grandolfo

signaturesignature

Clock2 mths

Hi David,

thanks for your quick feedback. If I'm correct clear-test is a client setting rather than a server setting?
https://dev.mysql.com/doc/refman/5.6/en/cleartext-pluggable-authentication.html

Anyway, setting the variable does not make any difference.

When connecting with myqsl workbench, with secure mode enabled and clear text enabled, I get prompted for the password in a loop and am unable to connect as well.

I assume the feature SslMode is an advance setting to be configured in RDM, like explained on RDM 14.0.pdf manual page 1608 (page number, not pdf number). I have tried the value "True", True & TRUE, which gives the following error. (Attached)

2018-12-14 17_15_01-Remote Desktop Manager [Dashboard].png
Clock2 mths

Hi Stefan,

You are right Clear-Text is local plugin, sorry for the confusion.

Should I understand that even with MySQL Workbench you are not able to connect to the database?

If Workbench cannot connect to the DB, I'm afraid that RDM won't be able to connect.

As soon as Workbench connects could you try to connect with RDM after?

Best regards,



David Grandolfo

signaturesignature

Clock2 mths