Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:43539
Return-Path: <php@hristov.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 55588 invoked from network); 30 Mar 2009 10:34:46 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 30 Mar 2009 10:34:46 -0000
Authentication-Results: pb1.pair.com smtp.mail=php@hristov.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=php@hristov.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain hristov.com from 85.92.87.36 cause and error)
X-PHP-List-Original-Sender: php@hristov.com
X-Host-Fingerprint: 85.92.87.36 iko.gotobg.net Linux 2.6
Received: from [85.92.87.36] ([85.92.87.36:37964] helo=iko.gotobg.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 9F/F3-14952-540A0D94 for <internals@lists.php.net>; Mon, 30 Mar 2009 05:34:46 -0500
Received: from [78.52.56.128] (helo=[192.168.1.132])
	by iko.gotobg.net with esmtpa (Exim 4.69)
	(envelope-from <php@hristov.com>)
	id 1LoEp6-0007ny-JN; Mon, 30 Mar 2009 13:34:32 +0300
Message-ID: <49D0A03F.9000503@hristov.com>
Date: Mon, 30 Mar 2009 12:34:39 +0200
User-Agent: Thunderbird 2.0.0.21 (X11/20090318)
MIME-Version: 1.0
To: "Ionut G. Stan" <ionut.g.stan@gmail.com>
CC: Ulf Wendel <ulf.wendel@phpdoc.de>, 
 'PHP Internals' <internals@lists.php.net>
References: <49D07544.7060406@gmail.com> <49D07D1E.4020509@phpdoc.de> <49D08785.30206@gmail.com>
In-Reply-To: <49D08785.30206@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - iko.gotobg.net
X-AntiAbuse: Original Domain - lists.php.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - hristov.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Subject: Re: [PHP-DEV] mysqlnd problems
From: php@hristov.com (Andrey Hristov)

  Hi,
Ionut G. Stan wrote:
> Hi Ulf,
> 
> Thanks for the answer, but let me understand this better.
> 
> The old mysql API did not support the auth protocol of MySQL 4.1+, but 
> only lower,
> while the new mysqlnd API only supports MySQL 4.1+ auth protocol. At 
> least this
> is what I understand from the error message, your response and the note 
> on this page[1]
> which refers specifically to PHP.

No. libmysql supports both authentication methods, versions of libmysql 
4.1+. The old pre-4.1 insecure one and the new post-4.1 secure 
authentication. What is different? The password hash in mysql.user is of 
a different length. While with the years it has been good to have a 
smooth transition, with just a recompile, I think it is high time that 
the dbas should secure their systems and change the passwords. In web 
environments you don't have too many users, usually just one, which will 
need a new password set. Just use the statement for setting the password 
and set it to the same as current, then it will work. Also, mysqlnd 
doesn't work with servers which are pre-4.1. Windows developers don't 
get this as download option at all - mysql 4.0 or 3.2x.x servers.

> 
> Is that true? If yes, then this should be stressed on the mysqlnd manual 
> page[2] so that
> people can do what suits them best - update passwords or compile PHP 
> with the MySQL
> client library. There are a lot of legacy applications using mysql_* 
> functions that are working
> right now because the auth protocol is the old one (as in my case).

They are working either because the used libmysql is 3.23, a lpgl one, 
or 4.0, because the server used is old. In the case of 4.1, 5.0 and 5.1 
servers it is just laziness to change the password. It is written 
somewhere in the documentation about upgrading from 4.0 to 4.1.

> Sorry if I somehow missed such warnings in the manual.
> 
> There's also the problem of Windows binaries. Lots of people are 
> developing on Windows
> and host their work where they have little control over the MySQL 
> configuration. People
> compiling PHP on Windows are rare and even some Linux sysadmins are 
> afraid/don't have
> the knowledge to compile PHP with special arguments (my sysadmin). In my 
> opinion there's
> a problem right here that would have been best solved with some php.ini 
> setting.

On public hosting it should be very rare to get MySQL Server 4.0 or 
earlier. With 4.1 and up everything is fine, just re-set your password.

> 
> Cheers,
> 
> [1] http://dev.mysql.com/doc/refman/4.1/en/old-client.html
> [2] http://php.net/mysqli.mysqlnd
> 
> 
> On 3/30/2009 11:04, Ulf Wendel wrote:
>> Ionut G. Stan schrieb:
>>> Warning: mysql_connect() [function.mysql-connect]: OK packet 6 bytes 
>>> shorter than expected in {filename} on line 18
>>> Warning: mysql_connect() [function.mysql-connect]: mysqlnd cannot 
>>> connect to MySQL 4.1+ using old authentication in {filename} on line 18
>>
>> This says everything. You cannot use old authentication with mysqlnd.
>>
>> Upgrade you server passwords to the more recent and more secure 
>> authentication method or recompile PHP with libmysql (MySQL Client 
>> Library) support. Check ./configure --help | grep -C3 mysql and 
>> http://www.php.net/manual/en/mysql.installation.php .
>>
>> Ulf
>>
> 

Best,
Andrey