Jack Woehr wrote:

I'm having a problem similar to the one mentioned in the list message 
http://lists.mysql.com/mysql/165952


* I built, installed, and run MySQL 4.0.18
    o gcc 2.95.3 on Solaris 9
* I created a user "abcd" and used MyPHPAdmin to give this user a password "xxyyzzaa"
* I can login using the command-line 'mysql -u abcd'
* I cannot login using the command-line ' mysql -u abcd -pxxyyzzaa'
    o ERROR 1045: Access denied for user: '[EMAIL PROTECTED]' (Using password: YES)
* As root I have executed 'USE mysql; SELECT USER,PASSWORD FROM USER' and have verified the password field for 'abcd' was instantiated.

Can anyone inform me how to cause MySQL to use passwords? Thank you.

--
Jack J. Woehr            # "[F]ar in the empty sky a solitary esophagus slept
http://www.well.com/~jax #  upon motionless wing; everywhere brooded stillness,
http://www.softwoehr.com #  serenity, and the peace of God." - Mark Twain

From your description, I would guess that:

 - You created the user as [EMAIL PROTECTED]

 - You have not deleted the anonymous user, ''@localhost.

When connecting, mysql looks for the best match of user and host. Best match is done host first, user second. Hence, ''@localhost is chosen over [EMAIL PROTECTED] when [EMAIL PROTECTED] connects. You can verify this by entering

  SELECT CURRENT_USER();

at the mysql> prompt.

You have two options:

1) Most people, I believe, solve this by deleting the anonymous user:

  mysql -u root -p mysql

  DELETE FROM user WHERE User='';
  FLUSH PRIVILEGES;

2) Create an explicit entry for [EMAIL PROTECTED], which will take precedence over ''@localhost, as both the host and user will match.

A few notes on security:

* Deleting the anonymous user is probably a good idea anyway. As long as it's there, anyone can connect.

* Make the host part of your users as specific as possible. Do you really want abcd to be able to connect from any IP in the world? One option would be to only allow localhost connections. Then abcd would have to ssh to your server and run mysql locally. Of course, that requires giving abcd shell access, which you may not want. In that case, consider if you can limit the set of machines from which connections should be allowed. Perhaps [EMAIL PROTECTED] or [EMAIL PROTECTED]

* Don't put the password on the command line. That makes it visible to anyone running ps at the right moment. Instead, just use -p to be prompted for the password. I.e.

  mysql -u abcd -p

See the manual <http://dev.mysql.com/doc/mysql/en/Privilege_system.html> for the details.

Michael
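
The host-first, user-second matching described in the reply above, as an added example that is not part of the original thread and is not MySQL's own code. It is a simplified model: the grant rows are constructed, the wildcard host '%' for abcd is an assumption (the real value is redacted on this page), and passwords are compared as plain strings rather than hashes.

```python
import re

# Constructed grant table rows: (Host, User, Password).
USER_TABLE = [
    ("%", "abcd", "xxyyzzaa"),       # assumed wildcard-host account
    ("localhost", "root", "rootpw"),  # constructed root entry
    ("localhost", "", ""),            # anonymous account, empty password
]

def host_rank(host):
    """Lower rank = more specific host. Literal hosts first, bare '%' last."""
    if host in ("%", ""):
        return 2
    return 1 if ("%" in host or "_" in host) else 0

def host_matches(pattern, host):
    """Match a MySQL-style host pattern ('%' = any run, '_' = one char)."""
    regex = "".join(
        ".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, host, re.IGNORECASE) is not None

def sorted_rows(table):
    # Host specificity decides first; within one host, a named user
    # sorts ahead of the blank (anonymous) user.
    return sorted(table, key=lambda r: (host_rank(r[0]), r[1] == ""))

def authenticate(table, user, host, password=""):
    """Return (matched_account, granted) using the first matching row only."""
    for h, u, pw in sorted_rows(table):
        if host_matches(h, host) and u in ("", user):
            return f"{u or chr(39) * 2}@{h}", pw == password
    return None, False

def without_anonymous(table):
    """Model of option 1: drop every row whose User is blank."""
    return [row for row in table if row[1] != ""]

if __name__ == "__main__":
    # Reproduces the symptoms in the question, then both fixes.
    print(authenticate(USER_TABLE, "abcd", "localhost"))
    print(authenticate(USER_TABLE, "abcd", "localhost", "xxyyzzaa"))
    print(authenticate(without_anonymous(USER_TABLE), "abcd", "localhost", "xxyyzzaa"))
    explicit = USER_TABLE + [("localhost", "abcd", "xxyyzzaa")]
    print(authenticate(explicit, "abcd", "localhost", "xxyyzzaa"))
```

The first two calls show why the password-less login succeeds and the correct password is rejected: both are checked against the anonymous localhost row, never against abcd's own entry.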

