MySQL 5.0 / 5.1 and doing away with "old style passwords"

I've got a server running MySQL 5.1 that, when I upgraded it in the past, I left the Tweak Settings --> Use pre-4.1-style MySQL® passwords option turned on. And in my /etc/my.cnf on that servers I have old-passwords=1

I can see that all of the users in mysql.users have 16-byte passwords. Obviously I'm wanting 41-byte passwords.

What is the best / proper / suggested way to go about switching to the new password style on a cPanel server with many accounts [and sql users]?

When you untick Tweak Settings --> Use pre-4.1-style MySQL® passwords, what exactly does cPanel do at that point?

Mike

 

My Password field in mysql.user is already char(41). If I remove old-passwords=1 from /etc/my.cnf and restart MySQL, everything seems to run fine.

If I go into Tweak Settings and unselect Use pre-4.1-style MySQL® passwords, what exactly will this do? I haven't yet figured out what changes this will make.

Mike

 

Easy enough. Looks like I'm good with MySQL then.

Thanks Michael,

Mike

 

I'm trying to prepare for a move to PHP 5.3.

Currently I'm running MySQL 5.1.56
* not using old-passwords=1 (I removed this and restarted MySQL)
* mysql.user has a password field length of 41 bytes long
* password hashes currently in the table are 16 bytes long
* only the test accounts I manually changed passwords on afterwards have 41-byte password hashes

In order to migrate to PHP 5.3, do I need to manually go through and change the password of each user in mysql.user so that it has a 41-byte password hash? I know it's a good idea. It'd be a pain to manually go through each one of those, especially when many of the users are additional MySQL users created by various accountholders.

If the actual _stored_ hash must be 41-bytes in order to work in PHP 5.3, is there an "easy" way to "convert" the 16-byte hashes into 41-byte hashes

Mike

 

Kenneth,

Thanks. I did manage to disable old-passwords=1 and manually change 90% of the main MySQL user accounts and subaccounts on my servers. Of course, four days later I had a customer complaining bout not being able to log into their custom application -- which as it turns out is using old style passwords and password() for authentication in their scripts. I ended up adding old-passwords=1 back to that server. Of course I educated the customer about doing something about their ancient custom script and forewarned them that next week I'd remove old-passwords=1 again.

At any rate, I wish I would have read more about PHP 5.3 and mysqlnd -- specifically the part about short passwords only being a problem if you are using the mysqlnd driver. As long as I don't use mysqlnd, I don't have to get all passwords converted to 41-byte hashes before I upgrade to PHP 5.3.

M