I am trying to set up Perl to connect to a mysql database.
i am using Perl 5.16, as this is a requiment,
DBI 1.622 with DBD:mysql from cpan was build.
The mysql database is Version 5.6.26
The mysql database uses SHA256 authentication, this won't be changed and there must not be set up an account with old_authentication or native.
I can not connect to the database as it replies with
Client authentication scheme is not supported.
My short test script is
use DBI;
use DBD::mysql;
$dbh = DBI->connect('DBI:mysql:host=dbhost', 'dbtest', 'test'
) || die "Could not connect to database: $DBI::errstr";
The returned error message is
DBI connect('host=dbhost,'dbtest',...) failed: Client does not support authentication
protocol requested by server; consider upgrading MySQL client at dbtest.pl line 4.
Could not connect to database: Client does not support authentication protocol requested
by server; consider upgrading MySQL client at dbtest.pl line 4.
How can i set up a Connection to the Server?
edit : This is not a duplicate. The User is allowed to access from any host, and we do not want to roll back to old Password, as written above
#martinclayton is correct. You have a very old version of your PERL MySQL DBD module. The upgrade to 4.1 happened over a decade ago.
Read this: https://dev.mysql.com/doc/refman/5.5/en/old-client.html
You need to upgrade your DBD module. Martin's link will give you some hints how to do it. http://search.cpan.org/~capttofu/DBD-mysql-4.032/lib/DBD/mysql/INSTALL.pod#PREREQUISITES
Related
I have access to 2 MySQL Servers (one for production and one for development). I have the host, port, database, user, password and the CA Cert file for them. I could connect to both using mysql workbench and from the windows cmd. (Yes, I have to work on windows for now)
Now according to security requirements, I need to connect using protocol TLSv1.2 or TLSv1.2, and Cipher AES256 and SHA2. These are currently not enforced on the development server, but they are on the production, and I am not able to connect on the production right now.
I satisfy AES256 and TLSv1.1 requirement.
But how do I get my client to connect using SHA2? Both Workbench and CMD doesn't work when I specify a cipher using both AES256 and SHA256 or SHA384. But it works fine if I specify something like AES256-SHA. Does this mean that it is not supported and I need to update something? By default, it uses 'DHE-RSA-AES256-SHA'
If I try to set one of the AES256-SHA2 cipher on the production, I get the error:
ERROR 2026 (HY000): SSL connection error: Failed to set ciphers to use
If I don't specify any ciphers, I get the error
ERROR 2026 (HY000): SSL connection error: unknown error number
I've looked up multiple posts on stackoverflow, mysql devs and mysql bugs website, and none seem to address this.
I have to ultimately get this to work with Ms. Access, since MySQL will be the backend for it. I even tried by creating a system DSN, but the same error pops up.
Maybe the ODBC Connector doesn't support SHA2? I couldn't find anything on this anywhere.
I have the latest version of ODBC and MySQL Workbench.
Turns out, the community versions(free) of MySQL Workbench and ODBC are compiled using yaSSL while the commercial versions use OpenSSL. And SHA2 is not supported by yaSSL. Once I got the commercial versions, I was able to connect using SHA2.
I am trying to connect MySQL client through a Perl script. But again and again I am getting error
ERROR 1251: Client does not support authentication protocol requested by server; consider upgrading MySQL client
My MySQL client has been upgraded from 5.1 to 5.6.
I am using Perl v5.12.0, DBD::mysql is 4.017, DBI is 1.613.
Is this problem with the Perl module or with MySQL.
in my.conf
add
[mysqld]
skip-secure-auth=true
it permiss use old protocol, but your security exists no more. Do it only in development ambient.
I have an issue using MySQL on PHP 5.6, and after three days of debugging PHP, OpenSSL, MySQLnd Drivers on PHP and trying out the mysql_client on an Ubuntu 14.04 machine, I have come to a conclusion: Google Cloud SQL SSL certificates will not work on PHP 5.6 and above.
For a start, the Google Cloud is a great service, and modern cryptography is enforced throughout the Google ecosystem. However, I couldn't use it because of one little problem: Google Cloud SQL SSL Server certificates have impossible common names.
Google Cloud SQL Server (or peer) certificates have a Common Name (CN) that looks something like:
CN=project-name:instance-id
To make matters worse, starting from PHP 5.6, all encrypted client streams will go through mandatory peer certificate validation. (Link: OpenSSL changes in PHP 5.6.x). I use the PHP Data Objects (PDO) extension, which uses the native driver MySQLnd to handle all the MySQL business. This uses the native PHP streams to handle those connections.
I have been looking through the MySQLnd source code on PHP (Link: MYSQLnd Driver Code on GitHub), MySQLnd configuration options to try and disable the SSL peer verification code on this particular MySQLND. To no avail.
Therefore, what should I do if I need to use SSL for MySQL connections on PHP 5.6?
Your response is greatly appreciated!
Try connecting through the proxy if you have second generation sql, you might be able to connect pdo via the proxy with 127.0.0.1: https://cloud.google.com/sql/docs/compute-engine-access#gce-connect-proxy
Assuming you can convince MySQL that the hostname is should verify is in fact project-name:instance-id then I would have thought the hostname validation ought to succeed (though I agree that cert doesn't look great).
I tried the following from my Mac OS X workstation and it appeared to succeed, at least when using the mysql binary (I didn't try via PHP).
First I added a hosts entry on my machine included the colon as part of the name:
1.2.3.4 project-name:instance-id
After doing so I was able to connect successfully with the mysql (5.6.32) installed on my machine:
mysql -uroot -h "project-name:instance-id" --password \
--ssl \
--ssl-ca ~/Downloads/server-ca.pem \
--ssl-cert ~/Downloads/client-cert.pem \
--ssl-key ~/Downloads/client-key.pem \
--ssl-verify-server-cert
(When I ran that same command with the IP address instead, I received ERROR 2026 (HY000): SSL connection error: SSL certificate validation failure)
We have a PHP 5.2 based app which we migrated to GCE, and encountered the problem where the Mysqli client does not work.
We used Atomic Archive repo to install PHP 5.2 on GCE 6 CentOS 6:
http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/
and also installed the provided Mysql client:
mysql-5.5.40-26.el6.art.x86_64.rpm
Following testing, the application fails with following error:
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/2003): Can't connect to MySQL server on XXX.XXX.XXX.XXX
While the command line mysql client works just fine.
While looking at the mysqli.so PHP extension, we noticed it uses the oldest available MySQL library: /usr/lib64/mysql/libmysqlclient.so.16
Any chance that this library doesn't work with Google Cloud SQL?
This is how I connect from my php:
$conn = mysqli_connect("<IP>", "<username>", "<password>","database") or die ("Error" . mysqli_error($conn));
I have a Perl script that gets data from a MySQL database on one server (let's call it server1), does stuff with it and writes it out to another database on another server (server2). Both servers are remote to the server that runs the Perl script.
I can connect to the DB on server1 OK, but when I try to connect to the DB on server2, using the same DBI method, I get an error. Here, as command-line Perl, is the bit that's causing the error:
perl -MDBI -e 'DBI->connect("DBI:mysql:myDB:server2.whatever.co.uk","myuser","mypassword") or die DBI->errstr;'
And here's the error message:
DBI connect('myDB:server2.whatever.co.uk','myuser',...) failed: Client does not support authentication protocol requested by server; consider upgrading MySQL client at -e line 1
Client does not support authentication protocol requested by server; consider upgrading MySQL client at -e line 1.
I do not have root access so I can't upgrade MySQL and I can't change the password to use the old password hashing algorithm, which is the solution suggested in lots of places.
Ideas anyone?
The database may be set up to accept connections only from within a certain set of addresses, as a security measure. So if you're trying to access a prod database from a home laptop (for example), it may reject you, even if you have the proper credentials. Try accessing it from a place where it's known to work using another technology -- for example, if you have a website that accesses it already, go to wherever apache/tomcat is running, and try the perl there. If it works, that's the issue. You can also proactively check on the database settings.
OK, in the absence of an alternative, I got someone with root access to server2 to do the fix that's published elsewhere:
Connect to MySQL as the MySQL root user, then:
mysql> use mysql;
mysql> SET PASSWORD FOR 'username'#'hostname' = OLD_PASSWORD('password');
mysql> FLUSH PRIVILEGES;
Replacing 'username', 'hostname' and 'password' with appropriate values.
So what I'm saying here is, it seems like if you don't have root access to upgrade MySQL or to change the password to use the old password hashing algorithm, then the only solution is to find someone who does who can make the change for you.