I have a tomcat 8 webserver and try to connect local mysql 5.7, but having following error:
Caused by:
SQLNestedException: Cannot create PoolableConnectionFactory (Client does not support authentication protocol requested by server
I googled and people suggested to update the password and I did as well, however doesn't work for me.
What I did
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY 'password'
flush privileges;
Currently I can only use public ip address to connect back to the local database....
MYSQL changed the password storage method starting with version 4.1. If your client is trying to connect with the old way and the server has the password stored in the new way, then you will get that error message. In order to fix that, you have 2 choices:
check the settings on your tomcat server
change the password hash in the mysql server, to be compatible with versions pre-4.1
If you want to change the password to use the old hashing type, use a command like:
mysql> SET PASSWORD FOR
-> 'some_user'#'some_host' = OLD_PASSWORD('new_password');
After that you have to start your mysql server with old_passwords system variable set to 1
On the other hand, I think that the best way of resolving this will be to set the client to use the proper way of connecting to the mysql server.
If you use PHP for connecting to the server, check if you use mysql of mysqli library. I think that only mysqli library uses the new way of managing connections.
Related
My localhost is running MariaDB 10.6.7 on Win64.
I am trying to force SSL when connecting to MariaDB.
I test the connection using MySQL Workbench 8.0.
To enable the SSL, I did the following:
I generate self signed certificate, then in my.ini, I set the following:
[mysqld]
datadir=C:/xampp/MariaDB 10.6/data
port=3306
innodb_buffer_pool_size=1009M
ssl-ca=C:/xampp/xampp/certs/mysql/ca-cert.pem
ssl-cert=C:/xampp/xampp/certs/mysql/server-cert.pem
ssl-key=C:/xampp/xampp/certs/mysql/server-key.pem
[client]
port=3306
plugin-dir=C:/Program Files/MariaDB 10.6/lib/plugin
ssl-ca=C:/xampp/xampp/certs/mysql/ca-cert.pem
ssl-cert=C:/xampp/xampp/certs/mysql/client-cert.pem
ssl-key=C:/xampp/xampp/certs/mysql/client-key.pem
To force SSL, I set the user in MariaDB to require SSL.
Unfortunately, with this configuration, I can still connect to MySQL without using any certificate. How can I force MariaDB to force SSL or FAIL?
My second question, I have a suspicion that my configuration is actually for setting using Require X509. Is this the case? If yes, how can I set it up to just use Require SSL?
Last, having the certificate set in my.ini, prevent me from connecting to mysql via the regular way, that is: mysql -u root. I got the following error:
ERROR 2026 (HY000): SSL connection error: An unknown error occurred while processing
the certificate. Error 0x80090327(SEC_E_CERT_UNKNOWN).
I have tried to use the following command, mysql --ssl-ca=[directory]\client-cert.pem -u root, without success. I got the same error as above. Any idea?
If you have a reference page or any kind of insight, that would be appreciated.
Thanks.
When creating a user, you need to add the require parameter, which can be x509 or ssl.
take for example
create user itpuxs2#'%' identified by 'root' require x509;
create user itpuxs3#'%' identified by 'root' require ssl;
From my test in Win64, the ssl-ca, ssl-cert, ssl-key under [client] is not required for "Require SSL". This settings were also the reason why I could not login using "mysql -u root".
I use MySQL Workbench to test my connection to MariaDB. From my testing, even though I did not provide any certificate, as long as the server have certificate for SSL, then the connection would be encrypted (Require SSL). Having said that, I did try to provide a ca-cert.pem, but it did not work. From my research in google, it seems that this may due to the SSL Library used in MariaDB. The SSL library may be different for different distribution.
As for the X509, I was able to get it working in Linux. I did this once and was not doing further testing since I am working in windows at the moment.
Few minutes ago I've done very unecessary move. I wanted to change password to root on my localhost server (I'm using WAMP any my MYSQL version is 5.7.21) and I picked the "SHA-256" option, now I have these errors in my PHPMyAdmin Panel:
#2054 - The server requested authentication method unknown to the client
mysqli_real_connect(): The server requested authentication method unknown to the client [sha256_password]
mysqli_real_connect(): (HY000/2054): The server requested authentication method unknown to the client
I've had an wordpress database on my local server and mainly everything that I want is just to recover it, or also change the root password to do anything... I've read some questions there and the method with changing
default-authentication_plugin = mysql_native_password
in "my.ini" isn't working for me. I tried to run init file with
SET PASSWORD FOR 'root'#'localhost' = PASSWORD('MyNewPass');
and it's not working too. Is there any other way to change my password or only recover my wp database from it?
I'm trying to migrate a db with Sequelize working with MySQL 8.0.15, but I'm not able to do that. I keep receiving this error message.
Sequelize CLI [Node: 10.15.0, CLI: 5.4.0, ORM: 5.3.5]
Loaded configuration file "config/config.json".
Using environment "development".
ERROR: Client does not support authentication protocol requested by server; consider upgrading MySQL client
I've tried every single solution for this problem. The thing is when i try to change the MySQL root password the message i get is this one:
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
Then I did try to change the password validate policy following this procedure
https://dev.mysql.com/doc/refman/5.6/en/validate-password-installation.html
then MySQL crashed cause it's deprecated. Then I tried this one
https://dev.mysql.com/doc/refman/8.0/en/validate-password-installation.html
Then I got this
mysql> INSTALL COMPONENT 'file://component_validate_password';
ERROR 3529 (HY000): Cannot load component from specified URN:
'file://component_validate_password'.
Then I checked where the component is
ls /usr/lib64/mysql/plugin/component_v*
/usr/lib64/mysql/plugin/component_validate_password.so
Anyone can help? I'm realy out of options, now!
Thanks in advance
If you want to use MySQL 5.x style authentication, typically all you have to do is add this to your my.cnf:
[mysqld]
default_authentication_plugin=mysql_native_password
Do this before adding any users. Only use users for connecting via Sequelize, never root.
If you are using MySQL 8.0 then https://dev.mysql.com/doc/refman/5.6/en/validate-password-installation.html then this shouldn't work.
Have used mysql_secure_installation and installed the validate_password_component then?
If yes, in that case, the plugin must already be installed and all you need to do is set validate_password related parameters in the options file (default /etc/my.cnf) and some options require a server restart.
For those who cannot edit system variables (for instance, if you're using a managed database in AWS or DigitalOcean), this works as well:
ALTER USER 'foo'#'bar' IDENTIFIED WITH mysql_native_password BY 'password';
flush privileges;
Or, if you cannot run flush privileges; like me:
DROP USER 'foo'#'bar';
CREATE USER 'foo'#'bar' IDENTIFIED WITH mysql_native_password BY 'password';
GRANT INSERT, SELECT, ... ON mydb.* TO 'foo'#'bar';
I am trying to connect to an existing mysql database on a linux server and scaffold tables in my project and working with them via EFCore.
I use this command line to scaffold :
dotnet ef dbcontext scaffold "server={IP};port={PORT};userid={USER_ID};password={PASSWORD};database={DB_NAME};" Pomelo.EntityFrameworkCore.MySql -o Models -f
But it shows this error to me:
Host '{MY_IP}' is not allowed to connect to this MySQL server
I am using Pomelo.EntityFrameworkCore.MySql library on .NET Core 2.1 SDK
What should I do?
If your MySQL instance is bound to the public IP address (you can check this by doing 3306 port scan for that IP - assuming MySQL is running on the standard port) then you need to grant privileges on the database for the user you are using as follows:
GRANT ALL PRIVILEGES ON <yourdb>.* TO `<youruser>`#`<yourip>` IDENTIFIED by '<yourpassword>';
After you have run this you need to run the FLUSH PRIVILEGES; command. Assuming all above conditions are met you should be able to access your DB remotely.
There are 2 things to understand before trying to connect.
1) Generally, databases are allowed to listen to local machine, ie localhost.
2) databases as mysql authentication comes in pair i.e. user#host_name.
So changing the way DB want you are really screwing security.
Now here is the way you can change MySQL listen for rest of world.
1) go to **my.cnf**, Check ‘**bind-address**’, comment this line. it
must be bind with `localhost` or `127.0.0.1`.
2) go to database MySQL, table users, column host replace
`localhost` to `"%"`, so the anyone from anywhere can connect.
3) `CREATE USER ‘root’#‘%’ IDENTIFIED BY ‘some_pass’`;
4) `GRANT ALL PRIVILEGES ON *.* TO ‘root’#‘%’;`
5) `FLUSH PRIVILEGES;`
I am connecting to a MySQL database with Visual Basic.net and am getting this error:
Authentication with old password no longer supported, use 4.1 style password
I have the following SQL code to fix this problem, where canningi_cdtest is the name of the user I wish to change the password for and testpass is the password I would like:
SET SESSION old_passwords=0;
SET PASSWORD FOR canningi_cdtest=PASSWORD('testpass');
This is the error I am getting:
#1044 - Access denied for user 'canningi'#'localhost' to database 'mysql'
What do I need to do?
EDIT
I have run the following code, with no errors:
SET PASSWORD = PASSWORD('my_password');
But when I now try and connect to the database, I am still getting the error:
Authentication with old password no longer supported, use 4.1 style password
How can I connect to an SQL database with a 4.1 password? Do I need to update cPanel? My version is 11.32.4 (build 15).
I just solved my problem just like this.
1) Connect to the db with mysql workbench (select the "use old auth" and "send pass in cleartext"
2) Using the workbench, run:
SET SESSION old_passwords=0;
SET PASSWORD FOR canningi_cdtest=PASSWORD('testpass');
3) Now go back to your app and it should run...
That is how I did it at least. I am using IX mysql and they do use old auth on their server so you must do something on your end...