- Apache 2.0.54 (Win32)
- PHP 4.3.11
- MySQL 4.1.12a-nt
- phpMyAdmin 2.6.2-pl1
[web] MySQL: New passwords versus old passwords
Author
I have:
I didn't quite follow what you have tried, particularly where you say you restore your passwords with old_password(). You are generating the user passwords with OLD_PASSWORD('password') and they still don't work?
If so, the only other thing I can think of is that you aren't changing the correct user with the correct domain access.
Ok, the new hashing system in MySQL basically stores a 41-byte value for the password hash, and in prior versions to 4.1, the password hash was 16-byte long IIRC...
Then, problems arise when an old client tries to connect to the new server, which seems to be the problem here. I had this situation like a month ago, IIRC, it was with phpMyAdmin, and I dont know for sure if the problem is the way it tries to connect to the DB, or just the mysql php module in php 4.x.
Anyhow, from what I understand, you tried to do this, right?
This is what I did (again, IIRC) and worked just fine.
Another solution is to start the server (mysqld) with the parameter --old-passwords
If nothing of this is working for you, could you describe the error arised by the application? Is it this one?
Then, problems arise when an old client tries to connect to the new server, which seems to be the problem here. I had this situation like a month ago, IIRC, it was with phpMyAdmin, and I dont know for sure if the problem is the way it tries to connect to the DB, or just the mysql php module in php 4.x.
Anyhow, from what I understand, you tried to do this, right?
SET PASSWORD FOR 'joe'@'localhost'=OLD_PASSWORD('ImANewPassword');This is what I did (again, IIRC) and worked just fine.
Another solution is to start the server (mysqld) with the parameter --old-passwords
If nothing of this is working for you, could you describe the error arised by the application? Is it this one?
Quote:
Client does not support authentication protocol requested
by server, consider upgrading MySQL client
Author
Quote:Original post by mwtbBy that, I mean that when "upgrading" the passwords with an update `users` set `password`=password('password') where `username`='username' I still can't log in, and when rolling back with an update `users` set `password`=old_password('password') where `username`='username' I can't log in either.
I didn't quite follow what you have tried, particularly where you say you restore your passwords with old_password(). You are generating the user passwords with OLD_PASSWORD('password') and they still don't work?
In fact, I found out what the problem was - the password column was VARCHAR(16) which meant that the new-style passwords were being truncated. Altering the table structure and setting the passwords again has fixed that part of the application.
I still can't log in through PHP (mysql_connect() or through using phpMyAdmin), and the error is indeed "Client does not support authentication protocol requested by server, consider upgrading MySQL client" - this is not of any great importance, as this is a development machine and it doesn't matter as such that the password for access to the database is blanked. It works fine on the "real" webservers the application will be running on.
I found this in the mysql website, so, unless you have to stick to php 4.3.x, I guess the simplest solution is to move on to php 5 (read the last part - talks about a new extension that supports mysql 4.1 and higuer)
Quote:
MySQL 4.1 and up uses an authentication protocol based on a password hashing algorithm that is incompatible with that used by older clients. If you upgrade the server to 4.1, attempts to connect to it with an older client may fail with the following message:
shell> mysql
Client does not support authentication protocol requested
by server; consider upgrading MySQL client
To solve this problem, you should use one of the following approaches:
* Upgrade all client programs to use a 4.1.1 or newer client library.
* When connecting to the server with a pre-4.1 client program, use an account that still has a pre-4.1-style password.
* Reset the password to pre-4.1 style for each user that needs to use a pre-4.1 client program. This can be done using the SET PASSWORD statement and the OLD_PASSWORD() function:
mysql> SET PASSWORD FOR
-> 'some_user'@'some_host' = OLD_PASSWORD('newpwd');
Alternatively, use UPDATE and FLUSH PRIVILEGES:
mysql> UPDATE mysql.user SET Password = OLD_PASSWORD('newpwd')
-> WHERE Host = 'some_host' AND User = 'some_user';
mysql> FLUSH PRIVILEGES;
Substitute the password you want to use for ``newpwd'' in the preceding examples. MySQL cannot tell you what the original password was, so you'll need to pick a new one.
* Tell the server to use the older password hashing algorithm:
1.Start mysqld with the --old-passwords option.
2.Assign an old-format password to each account that has had its password updated to the longer 4.1 format. You can identify these accounts with the following query:
mysql> SELECT Host, User, Password FROM mysql.user
-> WHERE LENGTH(Password) > 16;
For each account record displayed by the query, use the Host and User values and assign a password using the OLD_PASSWORD() function and either SET PASSWORD or UPDATE, as described earlier.
Note: In PHP, the mysql extension does not support the new authentication protocol in MySQL 4.1.1 and higher. This is true regardless of the PHP version being used. If you wish to use the mysql extension with MySQL 4.1 or newer, you will need to follow one of the options discussed above for configuring MySQL to work with old clients. The mysqli extension (stands for "MySQL, Improved"; new in PHP 5) is compatible with the improved password hashing employed in MySQL 4.1 and higher, and no special configuration of MySQL need be done in order to use this newer MySQL client library for PHP. For more information about the mysqli extension, see http://php.net/mysqli.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
