Disable MySQL secure auth in db_mysql module

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Disable MySQL secure auth in db_mysql module

Husnain Taseer
Dear Users,
We have opensips deployed in production environment on a Centos machine.Version of MySQL installed on that machine is old so the authentication plugin which is being used on that mysql server is mysql_old_password. The db user supports old (pre-4.1) Hashing method and we don't want to upgrade it to newer version because we have too many users which are using that database. Now when I try to connect opensips with the db using mysql module it gives me this error:

 ERROR:db_mysql:db_mysql_connect: driver error(2049): Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:db_mysql:db_mysql_new_connection: initial connect failed
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:db_do_init: could not add connection to the pool
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:uri:mod_init: Could not connect to database
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:init_mod: failed to initialize module uri
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:main: error while initializing modules

Is there any way to disable secure_auth in mysql_db module of opensips ? like from shell mysql client we can use --skip-secure-auth to disable it.

Regards,
Husnain Taseer

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Disable MySQL secure auth in db_mysql module

Max Mühlbronner
Hi,

not sure, but this might help:

http://www.opensips.org/html/docs/modules/1.11.x/auth_db.html#id293636

modparam("auth_db", "skip_version_check", 1)


Although in the long term, it's probably better to upgrade mysql.

BR


Max M.

On 28.12.2015 12:04, Husnain Taseer wrote:
Dear Users,
We have opensips deployed in production environment on a Centos
machine.Version of MySQL installed on that machine is old so the
authentication plugin which is being used on that mysql server is
mysql_old_password. The db user supports old (pre-4.1) Hashing method and
we don't want to upgrade it to newer version because we have too many users
which are using that database. Now when I try to connect opensips with the
db using mysql module it gives me this error:

* ERROR:db_mysql:db_mysql_connect: driver error(2049): Connection using old
(pre-4.1.1) authentication protocol refused (client option 'secure_auth'
enabled)*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]:
ERROR:db_mysql:db_mysql_new_connection: initial connect failed*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]:
ERROR:core:db_do_init: could not add connection to the pool*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:uri:mod_init:
Could not connect to database*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:init_mod:
failed to initialize module uri*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:main:
error while initializing modules*

Is there any way to disable secure_auth in mysql_db module of opensips ?
like from shell mysql client we can use --skip-secure-auth to disable it.

Regards,
Husnain Taseer



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Disable MySQL secure auth in db_mysql module

Max Mühlbronner
Sorry, skip_version_check() of auth_db module seems to be related to the auth table (not the general mysql auth).


my fault.

BR

Max M.

On 28.12.2015 12:39, Max Mühlbronner wrote:
Hi,

not sure, but this might help:

http://www.opensips.org/html/docs/modules/1.11.x/auth_db.html#id293636

modparam("auth_db", "skip_version_check", 1)


Although in the long term, it's probably better to upgrade mysql.

BR


Max M.

On 28.12.2015 12:04, Husnain Taseer wrote:
Dear Users,
We have opensips deployed in production environment on a Centos
machine.Version of MySQL installed on that machine is old so the
authentication plugin which is being used on that mysql server is
mysql_old_password. The db user supports old (pre-4.1) Hashing method and
we don't want to upgrade it to newer version because we have too many users
which are using that database. Now when I try to connect opensips with the
db using mysql module it gives me this error:

* ERROR:db_mysql:db_mysql_connect: driver error(2049): Connection using old
(pre-4.1.1) authentication protocol refused (client option 'secure_auth'
enabled)*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]:
ERROR:db_mysql:db_mysql_new_connection: initial connect failed*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]:
ERROR:core:db_do_init: could not add connection to the pool*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:uri:mod_init:
Could not connect to database*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:init_mod:
failed to initialize module uri*
*Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:main:
error while initializing modules*

Is there any way to disable secure_auth in mysql_db module of opensips ?
like from shell mysql client we can use --skip-secure-auth to disable it.

Regards,
Husnain Taseer



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Disable MySQL secure auth in db_mysql module

Bogdan-Andrei Iancu-2
In reply to this post by Husnain Taseer
Hi Husnain,

Try the following change:

diff --git a/modules/db_mysql/my_con.c b/modules/db_mysql/my_con.c
index 8fa7840..7bedbaf 100644
--- a/modules/db_mysql/my_con.c
+++ b/modules/db_mysql/my_con.c
@@ -30,6 +30,7 @@
 
 int db_mysql_connect(struct my_con* ptr)
 {
+       my_bool secure_auth = 0;
        /* if connection already in use, close it first*/
        if (ptr->init)
                mysql_close(ptr->con);
@@ -41,6 +42,7 @@ int db_mysql_connect(struct my_con* ptr)
        mysql_options(ptr->con, MYSQL_OPT_CONNECT_TIMEOUT, &db_mysql_timeout_interval);
        mysql_options(ptr->con, MYSQL_OPT_READ_TIMEOUT, &db_mysql_timeout_interval);
        mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT, &db_mysql_timeout_interval);
+       mysql_options(ptr->con, MYSQL_SECURE_AUTH, &secure_auth);
 
        if (ptr->id->port) {
                LM_DBG("opening connection: mysql://xxxx:xxxx@%s:%d/%s\n",



Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 28.12.2015 13:04, Husnain Taseer wrote:
Dear Users,
We have opensips deployed in production environment on a Centos machine.Version of MySQL installed on that machine is old so the authentication plugin which is being used on that mysql server is mysql_old_password. The db user supports old (pre-4.1) Hashing method and we don't want to upgrade it to newer version because we have too many users which are using that database. Now when I try to connect opensips with the db using mysql module it gives me this error:

 ERROR:db_mysql:db_mysql_connect: driver error(2049): Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:db_mysql:db_mysql_new_connection: initial connect failed
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:db_do_init: could not add connection to the pool
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:uri:mod_init: Could not connect to database
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:init_mod: failed to initialize module uri
Dec 28 13:21:40 AppServerI ../../sbin/opensips[5211]: ERROR:core:main: error while initializing modules

Is there any way to disable secure_auth in mysql_db module of opensips ? like from shell mysql client we can use --skip-secure-auth to disable it.

Regards,
Husnain Taseer


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users