Additional Gateway SSG DB Users

Document ID : KB000113230
Last Modified Date : 12/09/2018
Show Technical Document Details
Question:
After configuring the Gateway with the embedded database, there are 7 access users in the mysql.user table. Our security team wants to know why all those users are using same password and how to change them to 7 different passwords. Is it possible or it is by design and can not be different?

1. 'gateway'@'localhost6.localdomain6'
2. 'gateway'@'localhost6'
3. 'gateway'@'localhost.localdomain'
4. 'gateway'@'localhost'
5. 'gateway'@'companyname.com'
6. 'gateway'@'10.100.10.100'
7. 'gateway'@'%'
Answer:
The additional gateway users are identifiers to connect to db from different machines like within localhost or from remote machine. More than likely, in the /etc/hosts file, you have an entry that looks like this:
---------------------------------------
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
---------------------------------------

The hostnames correspond to the first 4 users were created.

The MySQL user is identified by username followed by hostname as a unique identifier to connect to database. The password for all these users is the same password provided for the gateway user during the database configuration portion of the Gateway install. The password can be changed but it should be replicated in the other cluster node if it is cluster based. Otherwise, it will create issues like those mentioned in the following KB article:

Gateway logs indicate replication failing due to an error calculating delay

For more information about the MySQL user identifier, the following link can be referred: https://dev.mysql.com/doc/refman/5.7/en/connection-access.html