[squeak-dev] Re: Stdb MySQL driver authentication

Anindya Haldar anindya_haldar at yahoo.com
Sat Oct 1 04:39:35 UTC 2011

I believe I found the core issue here. What likely happens in this scenario is:
- The connector follows 4.1.1 and up wire protocol, which has a very specific way of scrambling and hashing of user credentials. And this is supported by the longer hash used by MySQL. 

- If the user credential was created with a older version with a shorter hash style, then the server asks the client to send the hash again using older style (short hash).
- Our protocol driver does not support this fall back yet, and that is where this exception is thrown
- The best solution: have a user with a new style longer password hash. Please refer to the function old_password() vs password() in MySQL documentation. As far as I am aware just setting a new password using the password() function should do it.

- One way to verify the style differences is to do a 'select host, user, password from mysql.user' from an admin account. This lists the password hashes: the older ones are short, the newer ones are long format

- I will investigate further on how to support the old hash style in the driver

Hope this is helpful for now.

BTW, there are some test cases where they use a 'testuser'/'testpass' combination; this is different from the other 'stdbtestuser'/'stdbtestpass' combination. This is an inconsistency that I found, and will fix this so that only the 'stdbtestuser' account is required for running all the unit tests.


From: Yanni Chiu <yanni at rogers.com>
To: squeak-dev at lists.squeakfoundation.org
Sent: Friday, September 30, 2011 9:05 AM
Subject: [squeak-dev] Re: Now available: a database conectivity API and its MySQL implementation

On 30/09/11 3:57 AM, Andreas Raab wrote:
> On 9/30/2011 4:35, Anindya Haldar wrote:
>> I believe this is a version issue. I tested my code with MySQL 5.0.67 on
>> Mac OS X. The details of the test platform combinations are in the
>> project page in Squeaksource.
>> Could you please let me know your MySQL version and platform? It is
>> entirely possible that for certain versions/conditions the handshake
>> protocol does another extra step. This is something I found NOT
>> applicable for the version I was working with, although the reference C
>> implementation does have such provisions.
> I'm running MySql 5.0.77 server on CentOS 5.6 (which is the
> out-of-the-box version you get on CentOS via yum). This seems pretty
> close to what you're using. Is there a chance that I need to set up the
> database credentials in a specific way? I've just been using an existing
> user which works fine in other contexts but perhaps there's something
> specific that needs to be done?

Just a wild guess (based on working on a PostgreSQL driver) - you might try to change the authentication method used by the MySQL server. In PostgreSQL, there is plain text password and OS userid authentication methods, no idea if something similar is available in MySQL. The other authentication methods require hashing or encryption to implement.

-- Yanni
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20110930/5b964fd5/attachment.htm

More information about the Squeak-dev mailing list