Bug 991070 - php cannot connect (authenticate) to MariaDB using old-style passwords
php cannot connect (authenticate) to MariaDB using old-style passwords
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: php (Show other bugs)
19
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Joe Orton
Fedora Extras Quality Assurance
https://fedoraproject.org/wiki/Common...
: CommonBugs
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-01 10:06 EDT by Carl Roth
Modified: 2013-08-01 14:08 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-01 13:57:47 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
output from mysql 'show global variables' (37.61 KB, text/plain)
2013-08-01 10:09 EDT, Carl Roth
no flags Details

  None (edit)
Description Carl Roth 2013-08-01 10:06:00 EDT
Description of problem:

I installed MariaDB on a Fedora 19 system recently and I cannot connect to it using PHP scripts.  Both existing users from a previous upgrade, and users I newly create are not available to the PHP script.  The mysql_connect() function returns "The server requested authentication method umknown to the client" (note the mis-spelling).

Note that the same 
Version-Release number of selected component (if applicable):

php-5.5.0-2.fc19.x86_64
php-mysqlnd-5.5.0-2.fc19.x86_64
mariadb-5.5.31-4.fc19.x86_64

How reproducible:

Always

Steps to Reproduce:
1. start up a MariaDB instance
2. create a new user
3. connect using e.g. mysql or Python
4. connect using 'php -a'

Actual results:

Other connect methods (mysql, python-MySQL) work correctly. PHP is unable to connect.

Expected results:


Additional info:

Here is a sample session:

MariaDB [(none)]> create user 'testuser'@'localhost' identified by 'testpass';
MariaDB [(none)]> select * from mysql.user where User LIKE 'testuser' \G
  *************************** 1. row ***************************
                        Host: localhost
                        User: testuser
                    Password: 7dcda0d57290b453
...
         max_connections: 0
        max_user_connections: 0
                      plugin:
       authentication_string:
      1 row in set (0.00 sec)

 $ mysql -utestuser -ptestpass

      MariaDB [(none)]> select 1;
      +---+
      | 1 |
      +---+
      | 1 |
      +---+
      1 row in set (0.00 sec)

 $ php -a
      php > $link = @mysql_connect("localhost", "testuser", "testpass");
      $link = @mysql_connect("localhost", "testuser", "testpass");
      php > print $link;
      print $link;
      php > print mysql_error();
      print mysql_error();
      The server requested authentication method umknown to the client
      php >

I'm attaching the output of 'show global variables'; see there that I turned off secure_auth and turned on old_passwords.  The "new" passwords (41 character hashes) also do not work with PHP.
Comment 1 Carl Roth 2013-08-01 10:09:55 EDT
Created attachment 781619 [details]
output from mysql 'show global variables'
Comment 2 Remi Collet 2013-08-01 10:29:02 EDT
old_password (for pre < 4.1 client) are deprecated and no more accepted.
Please rerun the same test with old_password=0.

Please check if you have run mysql_upgrade.

also try using 127.0.0.1 (tcp connection) instead of localhost (local socket)
Comment 3 Carl Roth 2013-08-01 13:15:00 EDT
(In reply to Remi Collet from comment #2)
> old_password (for pre < 4.1 client) are deprecated and no more accepted.
> Please rerun the same test with old_password=0.

Same issue.  The only difference is that new passwords generated with old_password=0 are of the 'new' type (41 character hash).

> 
> Please check if you have run mysql_upgrade.

Yes it was upgraded.

> 
> also try using 127.0.0.1 (tcp connection) instead of localhost (local socket)

Right, I played around with this a bit more and I think my problem is that I have some 'old' mysql passwords still (my mysql instance is very very old).

I reproduced the issue with mysqli instead, and got a more useful error:

HP Warning:  mysqli::mysqli(): (HY000/2000): mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file in php shell code on line 1

I then tried to (1) re-hash the test password, and (2) point php to an existing account that I knew had a 'long' password.  Both of those cases worked.

I think this resolves my php issue; perhaps this incompatibility should be in the release notes?

Note You need to log in before you can comment on or make changes to this bug.