Edit report at http://bugs.php.net/bug.php?id=52799&edit=1
ID: 52799
Comment by: php at diptyque dot net
Reported by: php at diptyque dot net
Summary: Old password authentication with (PDO) MySQL native
driver
Status: Bogus
Type: Bug
Package: PDO related
Operating System: FreeBSD
PHP Version: 5.3.3
Block user comment: N
New Comment:
Found! [1]
IMHO it should also be replicated in the MySQL native driver section [2]
[1] <http://www.php.net/manual/en/migration53.incompatible.php>
[2] <http://fr.php.net/manual/en/book.mysqlnd.php>
Previous Comments:
------------------------------------------------------------------------
[2010-09-08 19:41:44] [email protected]
Thanks for the feedback! I'm quite sure its in the docs. I double check.
Closing upon request of the bug reporter.
------------------------------------------------------------------------
[2010-09-08 19:23:51] php at diptyque dot net
Oops, my mistake. Wrote the test script and ext/mysql code cannot
effectively connect using old authentication w/ enabled MYSQLND. The
ext/mysql code I previously tested wasn't running on the same server
(DNS changes for the hostname weren't applied yet; code was still
running on the old server platform.)
Problem solved. Bogus report. Two alternatives. Either build ext/mysql,
ext/mysqli and PDO MySQL w/o MYSQLND option to preserve compatibility
with old passwords. Either update all MySQL passwords with enhanced
authentication.
I believe a note stating that the old authentication scheme is not
supported anymore should be added to the MySQL Native Driver manual.
------------------------------------------------------------------------
[2010-09-08 18:34:09] [email protected]
Because mysqlnd does not support it, ext/mysql - if using mysqlnd -
can't support it. Please provide a test script which shows ext/mysql
connecting while PDO_MySQL does not.
------------------------------------------------------------------------
[2010-09-08 18:16:02] php at diptyque dot net
Description:
------------
Some PHP legacy code no longer works with the 5.3.3 MYSQLND-enabled [1]
PDO MySQL driver -- I got 2 warnings and an exception is raised:
[07-Sep-2010 14:31:16] PHP Warning: PDO::__construct(): Premature end of
data (mysqlnd_wireprotocol.c:554) in /my/path/to/php/auto/append.php on
line xx
[07-Sep-2010 14:31:16] PHP Warning: PDO::__construct(): OK packet 1
bytes shorter than expected in /my/path/to/php/auto/append.php on line
xx
Exception says that "mysqlnd cannot connect to MySQL 4.1+ using the old
insecure authentication."
This is inconsistent with the behavior of the 5.3.3 MySQL extension
built with MYSQLND support: I have even older PHP code that can connect
to MySQL 4.1+ using the old insecure authentication scheme (!?) Go
figure.
Of course, reverting to the PDO MySQL driver w/ classic MySQL client
library support works.
[1] mysqlnd 5.0.7-dev - 091210 - $Revision: 300533 $
Test script:
---------------
<?php
try {
$dbh = new PDO($sql->dsn, $sql->username, $sql->password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (Exception $e) { /* ... */ }
// failure
?>
vs.
<?php
$dbh = mysql_pconnect(
$mysql['hostname'], $mysql['username'], $mysql['password']
);
// success
?>
Expected result:
----------------
Why does old password authentication still works with MYSQLND-enabled
MySQL extension but not with MYSQLND-enabled PDO MySQL driver?
Actual result:
--------------
SQLSTATE[HY000] [2000] mysqlnd cannot connect to MySQL 4.1+ using the
old insecure authentication. Please use an administration tool to reset
your password with the command SET PASSWORD =
PASSWORD('your_existing_password'). This will store a new, and more
secure, hash value in mysql.user. If this user is used in other scripts
executed by PHP 5.2 or earlier you might need to remove the
old-passwords flag from your my.cnf file
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=52799&edit=1
