benryves

[web] MySQL: New passwords versus old passwords


benryves    1999
I have:
  • Apache 2.0.54 (Win32)
  • PHP 4.3.11
  • MySQL 4.1.12a-nt
  • phpMyAdmin 2.6.2-pl1
...running locally. The problem here is with passwords - nothing with passwords that deals with the MySQL database will work. Currently, the only way I can log on to the database through phpMyAdmin is to blank out the password completely. (Giving the user a password is fine, provided they connect using the command line utility.) Same with logging in to the system that I have copied to run locally - the only way to log on is to blank out the passwords and not specify one when logging in.

I heard that passwords are hashed differently in more recent versions of MySQL. So, I opened up the CLI to the database, and tried rehashing the passwords on the tables - no luck. Even though they are clearly different to the old ones (which I can restore with old_password()), the software that accesses the database still can't log in. When I say "log in", I do not mean log in to the MySQL server, I mean log in to the system I'm developing (I can only connect to the server provided - you guessed it - I use a blank password). [help]?

Guest Anonymous Poster
1. Install other MySQL version;
2. Use PostgreSQL.
3. Use text files. ^_^

mwtb    115

I didn't quite follow what you have tried, particularly where you say you restore your passwords with old_password(). You are generating the user passwords with OLD_PASSWORD('password') and they still don't work?

If so, the only other thing I can think of is that you aren't changing the correct user with the correct domain access.

darklordsatan    258
OK, the new hashing system in MySQL basically stores a 41-byte value for the password hash, and in versions prior to 4.1, the password hash was 16 bytes long IIRC...

Then, problems arise when an old client tries to connect to the new server, which seems to be the problem here. I had this situation like a month ago, IIRC, it was with phpMyAdmin, and I don't know for sure if the problem is the way it tries to connect to the DB, or just the mysql php module in php 4.x.

Anyhow, from what I understand, you tried to do this, right?

SET PASSWORD FOR 'joe'@'localhost'=OLD_PASSWORD('ImANewPassword');

This is what I did (again, IIRC) and worked just fine.

Another solution is to start the server (mysqld) with the parameter --old-passwords

If none of this is working for you, could you describe the error raised by the application? Is it this one?
Quote:

Client does not support authentication protocol requested
by server, consider upgrading MySQL client

benryves    1999
Quote:
Original post by mwtb
I didn't quite follow what you have tried, particularly where you say you restore your passwords with old_password(). You are generating the user passwords with OLD_PASSWORD('password') and they still don't work?
By that, I mean that when "upgrading" the passwords with an update `users` set `password`=password('password') where `username`='username' I still can't log in, and when rolling back with an update `users` set `password`=old_password('password') where `username`='username' I can't log in either.
In fact, I found out what the problem was - the password column was VARCHAR(16) which meant that the new-style passwords were being truncated. Altering the table structure and setting the passwords again has fixed that part of the application.

I still can't log in through PHP (mysql_connect() or through using phpMyAdmin), and the error is indeed "Client does not support authentication protocol requested by server, consider upgrading MySQL client" - this is not of any great importance, as this is a development machine and it doesn't matter as such that the password for access to the database is blanked. It works fine on the "real" webservers the application will be running on.

darklordsatan    258
I found this on the MySQL website, so, unless you have to stick to PHP 4.3.x, I guess the simplest solution is to move on to PHP 5 (read the last part - it talks about a new extension that supports MySQL 4.1 and higher)

Quote:

MySQL 4.1 and up uses an authentication protocol based on a password hashing algorithm that is incompatible with that used by older clients. If you upgrade the server to 4.1, attempts to connect to it with an older client may fail with the following message:

shell> mysql
Client does not support authentication protocol requested
by server; consider upgrading MySQL client

To solve this problem, you should use one of the following approaches:

* Upgrade all client programs to use a 4.1.1 or newer client library.
* When connecting to the server with a pre-4.1 client program, use an account that still has a pre-4.1-style password.
* Reset the password to pre-4.1 style for each user that needs to use a pre-4.1 client program. This can be done using the SET PASSWORD statement and the OLD_PASSWORD() function:

mysql> SET PASSWORD FOR
-> 'some_user'@'some_host' = OLD_PASSWORD('newpwd');

Alternatively, use UPDATE and FLUSH PRIVILEGES:

mysql> UPDATE mysql.user SET Password = OLD_PASSWORD('newpwd')
-> WHERE Host = 'some_host' AND User = 'some_user';
mysql> FLUSH PRIVILEGES;

Substitute the password you want to use for "newpwd" in the preceding examples. MySQL cannot tell you what the original password was, so you'll need to pick a new one.
* Tell the server to use the older password hashing algorithm:
1. Start mysqld with the --old-passwords option.
2. Assign an old-format password to each account that has had its password updated to the longer 4.1 format. You can identify these accounts with the following query:

mysql> SELECT Host, User, Password FROM mysql.user
-> WHERE LENGTH(Password) > 16;

For each account record displayed by the query, use the Host and User values and assign a password using the OLD_PASSWORD() function and either SET PASSWORD or UPDATE, as described earlier.

Note: In PHP, the mysql extension does not support the new authentication protocol in MySQL 4.1.1 and higher. This is true regardless of the PHP version being used. If you wish to use the mysql extension with MySQL 4.1 or newer, you will need to follow one of the options discussed above for configuring MySQL to work with old clients. The mysqli extension (stands for "MySQL, Improved"; new in PHP 5) is compatible with the improved password hashing employed in MySQL 4.1 and higher, and no special configuration of MySQL need be done in order to use this newer MySQL client library for PHP. For more information about the mysqli extension, see http://php.net/mysqli.
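
An added example, not part of the thread or of the MySQL documentation: a Python sketch of the 4.1-format hash and of the two checks discussed above, the `VARCHAR(16)` truncation benryves found and the length test from the quoted `LENGTH(Password) > 16` query. The function names and the sample rows are constructed for illustration; the pre-4.1 algorithm is not implemented, only its 16-hex-character format is recognised.

```python
import hashlib
import hmac
import re

def mysql41_hash(password: str) -> str:
    """4.1-format PASSWORD(): '*' + uppercase hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def store_in_varchar(value: str, width: int) -> str:
    """Model the column cutting a value longer than VARCHAR(width)."""
    return value[:width]

def classify(stored: str) -> str:
    """Classify a stored hash by its format alone (no password needed)."""
    if re.fullmatch(r"\*[0-9A-Fa-f]{40}", stored):
        return "4.1 format"
    if re.fullmatch(r"[0-9A-Fa-f]{16}", stored):
        return "pre-4.1 format"
    if re.fullmatch(r"\*[0-9A-Fa-f]{0,39}", stored):
        # A leading '*' with fewer than 40 hex digits cannot be a valid
        # hash of either kind: the column was too narrow.
        return "truncated 4.1 hash"
    return "unknown"

def verify(password: str, stored: str) -> bool:
    """Compare a candidate password against a stored 4.1-format hash."""
    return hmac.compare_digest(mysql41_hash(password), stored)

def audit(rows: dict) -> dict:
    """Map each username to the verdict for its stored hash."""
    return {user: classify(value) for user, value in rows.items()}

# Constructed sample rows for an application `users` table.
FULL = mysql41_hash("password")
SAMPLE_ROWS = {
    "alice": store_in_varchar(FULL, 41),  # column wide enough
    "bob": store_in_varchar(FULL, 16),    # VARCHAR(16): silently cut
    "carol": "0123456789abcdef",          # placeholder in pre-4.1 shape
}

if __name__ == "__main__":
    for user, verdict in audit(SAMPLE_ROWS).items():
        print(f"{user:6} {SAMPLE_ROWS[user]:41} {verdict}")
    print("bob can log in:", verify("password", SAMPLE_ROWS["bob"]))
```

A truncated 4.1 hash is also 16 characters long, so a length check alone cannot tell it from a pre-4.1 hash; the leading `*` is what separates the two.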
