Cannot Connect to MySQL 4.1+ Using Old Authentication

Cannot connect to MySQL 4.1+ using old authentication

edit: This only applies if you are in control of the MySQL server... if you're not take a look at Mysql password hashing method old vs new

First check with the SQL query

SHOW VARIABLES LIKE 'old_passwords'

(in the MySQL command line client, HeidiSQL or whatever front end you like) whether the server is set to use the old password schema by default. If this returns old_passwords,Off you just happen to have old password entries in the user table. The MySQL server will use the old authentication routine for these accounts. You can simply set a new password for the account and the new routine will be used.

You can check which routine will be used by taking a look at the mysql.user table (with an account that has access to that table)

SELECT `User`, `Host`, Length(`Password`) FROM mysql.user

This will return 16 for accounts with old passwords and 41 for accounts with new passwords (and 0 for accounts with no password at all, you might want to take care of those as well).

Either use the user management tools of the MySQL front end (if there are any) or

SET PASSWORD FOR 'User'@'Host'=PASSWORD('yourpassword');
FLUSH Privileges;

(replace User and Host with the values you got from the previous query.) Then check the length of the password again. It should be 41 now and your client (e.g. mysqlnd) should be able to connect to the server.

see also the MySQL documentation:



mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication

Figured it out! Was an oversight on my part. Apparently, in ZenCart there are 2 files where you have to set your database configuration. One is for the catalog and one for the admin area. Doesn't make a whole lot of sense to me since both of them connect to the same DB. Maybe it has something to do with being able to use one db user for the catalog and one for the admin for security reasons. I just setup a local copy and changed one of the config files without changing the other. The file causing the problems was still pointed at my production database. Knew it had to be something simple!

Error: mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication

  • Remove or comment old_passwords = 1 in my.cnf

Restart MySQL. If you don’t, MySQL will keep using the old password format, which will mean that you cannot upgrade the passwords using the builtin PASSWORD() hashing function.

The old password hashes are 16 characters, the new ones are 41 characters.

  • Connect to the database, and run the following query:

    SELECT user, Length(`Password`) FROM  `mysql`.`user`;

This will show you which passwords are in the old format, e.g.:

| user | Length(`Password`) |
| root | 41 |
| root | 16 |
| user2 | 16 |
| user2 | 16 |

Notice here that each user can have multiple rows (one for each different host specification).

To update the password for each user, run the following:

UPDATE mysql.user SET Password = PASSWORD('password') WHERE user = 'username';

Finally, flush privileges:


Source: How to fix "mysqlnd cannot connect to MySQL 4.1+ using old authentication" on PHP5.3

PHP 5.4 PDO could not connect to MySQL 4.1+ using the old insecure authentication


Although the SET SESSION old_passwords=0; wasn't working in phpMyAdmin.

I downloaded the MySQL GUI Tools and used the MySQL Query Browser to execute the same command on non-DBO user:

SET SESSION old_passwords = 0;

SELECT @@global.old_passwords, @@session.old_passwords, Length(PASSWORD('abc'));

now returned:

1      0      41

So I simply changed the password:

SET PASSWORD = PASSWORD('my_old_password')

And now PHP 5.4 PDO connects to the database with that user!

Remote mySQL connection throws cannot connect to MySQL 4.1+ using the old insecure authentication error from XAMPP

I'm not really clear on why this became an issue on my XAMPP installation, since I'm also running PHP 5.3.x on the server's local box and wasn't experiencing those issues there. However, it has to do with my mySQL server running in "old password" encryption mode. Newer versions of PHP won't allow those kinds of connections, so you need to update your mySQL server to use the newer password encryption. Here are the steps, assuming you have control over the mySQL server. If you don't, that falls out of the scope of my knowledge.

  1. locate the configuration file for the mysql server called my.cnf. I found mine at /etc/my.cnf. You can edit it with sudo nano /etc/my.cnf

  2. Look for a line that says old_passwords=1 and change that to old_passwords=0. You have now told the server that the next time it is run, and it is asked to encrypt a password using the PASSWORD() command, it use the new 41-character encryption rather than the 16-character 'old' style encryption

  3. Now you have to restart your mysql server / service. YMMV, but on Fedora that was easily done with sudo service mysqld restart. Check your OS' instructions for restarting the mysql daemon or service

  4. Now we have to actually edit our user table within mysql. So open up an interactive shell to mysql (on the server you can type mysql -uYourRootUsername -pYourRootPassword)

  5. Change to the mysql database. This is the database that holds all the good stuff for server operation and authentication. You must have root access to work with this database. If you get an 'access denied' you're SOL. Sorry. use mysql; will switch to that database

  6. Now we want to update the user that was giving you grief. Ultimately you'll probably want to update all your users, but for now, we're just focusing on the user that threw the error. update user set Password=password('YOUR_PASSWORD') where User='YOUR_USERNAME';

  7. Now you just need to tell mysql to use the new password for authentication when that user attempts to connect. flush privileges;.

You should be good to go!

Related Topics

Leave a reply
