Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expired password #373

Closed
marabesi opened this issue Dec 2, 2016 · 13 comments
Closed

Expired password #373

marabesi opened this issue Dec 2, 2016 · 13 comments
Assignees
Labels

Comments

@marabesi
Copy link

@marabesi marabesi commented Dec 2, 2016

Please note that the Homestead issue tracker is reserved for bug reports and
enhancements. We are not always able to debug Vagrant, Virtualbox, VMWare, or Operating System issues but will do our best to help. Thank you!

Vagrant version

Vagrant 1.8.4

Provider & Provider version

Virtualbox 4.3.38r106717

Host operating system

Linux elementary OS 0.3.2 Freya (64-bit) - Built on Ubuntu 14.04

Homestead.yaml

---
ip: "192.168.10.10"
memory: 2048
cpus: 1
provider: virtualbox
version: "0.3.3"
authorize: ~/.ssh/id_rsa.pub
keys:
    - ~/.ssh/id_rsa
folders:
    - map: ~/Code/TrueRev
      to: /home/vagrant/Code/TrueRev
sites:
    - map: truerev.dev
      to: /home/vagrant/Code/TrueRev/public        
databases:
    - homestead
    - truerev_testing
# blackfire:
#     - id: foo
#       token: bar
#       client-id: foo
#       client-token: bar
# ports:
#     - send: 50000
#       to: 5000
#     - send: 7777
#       to: 777
#       protocol: udp

Vagrant up output

https://gist.github.com/marabesi/7ea2a575b6e0c06b59f3384f10bab3b1

Expected behavior

Vagrant should have migrated the files into the database successfully.

Actual behavior

The vagrant up command fails with the following

==> default:   SQLSTATE[HY000] [1862] Your password has expired. To log in you must change it using a client that supports expired passwords.  
==> default:                                                                                                                                   
==> default:                                                                                                                                   
==> default:   [PDOException]                                                                                                                  
==> default:   SQLSTATE[HY000] [1862] Your password has expired. To log in you must change it using a client that supports expired passwords.  

Steps to reproduce

  1. git clone https://github.com/laravel/homestead.git ~/homestead
  2. add the follwoing line to your ~/.homestead/Homestead.yaml
version: "0.3.3"
  1. cd ~/homestead && vagrant up

References

@svpernova09
Copy link
Collaborator

@svpernova09 svpernova09 commented Dec 2, 2016

You're using really far out of date versions.

Your Virtualbox version is way out of date. Please upgrade to 5.1.x and also make sure you update Homestead to 3.1.

If you have to use an old version for a project that's understandable, but you should try to upgrade to stay up to date.

A solution to your problem is putting the commands to reset the mysql password in your after.sh shell script. That should fix the issue every time you provision that version of the environment.

@svpernova09 svpernova09 closed this Dec 2, 2016
@marabesi
Copy link
Author

@marabesi marabesi commented Dec 3, 2016

Hello @svpernova09 ok no problem thanks for your time.

Just a quick correction in your solution, is not possible to add the mysql command into after.sh. This is because homestead executes previous sql statements that rises the error.

Also I know that this issue is not caused by virtualbox version, this issue is in the MySQL.

Anyway, thanks !

@andrewhood125
Copy link
Contributor

@andrewhood125 andrewhood125 commented Dec 3, 2016

@marabesi when did you first notice this issue? I have a hunch it's based off of when the vm was built https://github.com/laravel/settler that is. If that' the case and you wanted to stick with the 0.3.x series of settler. It would require at the very minimum of a new release of that series. Which is very unlikely to happen since the latest is 0.6.1. Settler would be the right place to set a password that doesn't expire. Are you unable to upgrade to the lastest? I'll try and recreate this. I wonder if the bug still exists with the most up-to-date vm boxes they just haven't hit the default password expiry. I've read that it's 6 months somewhere but I've seen conflicting information.

https://atlas.hashicorp.com/laravel/boxes/homestead
https://github.com/laravel/settler
https://dev.mysql.com/doc/refman/5.7/en/password-expiration-policy.html

@marabesi
Copy link
Author

@marabesi marabesi commented Dec 5, 2016

Hello @andrewhood125 I just noticed this issue because I was trying to create a shell script to automate the homestead + vagrant setup.

The issue is really simple, when I use the 0.3.3 box I can't execute any mysql commands till I update the password.

@w0rd-driven
Copy link

@w0rd-driven w0rd-driven commented Dec 6, 2016

The later boxes don't have this problem because MySQL 5.7.10 relaxed the default_password_lifetime setting back to 0 from 360. The date of the passwords for homestead and root were set on 11/13/2015, 360 days after that, or 11/7/2016, both of those passwords expired. The key to noticing this is in the note section of https://dev.mysql.com/doc/refman/5.7/en/password-expiration-policy.html, specifically From MySQL 5.7.4 to 5.7.10, the default default_password_lifetime value is 360

The fix of setting the password is only a bandaid as 360 days from provisioning the password will expire again.

While Homestead v3+ allows you to set the version like this, the provisioning scripts run service php7-fpm restart which won't work on this box as it's PHP 5.6. If your intention is to support 5.6 it's better to use Homestead v2 and as such, apply the more permanent fix there.

It would look something like the following:

#!/usr/bin/env bash

cat > ~/.my.cnf << EOF
[client]
user = homestead
password = secret
host = localhost
EOF

DB=$1;

block="[mysqld]
default_password_lifetime = 0"
echo "$block" > "/etc/mysql/conf.d/password_expiration.cnf"

service mysql restart

mysql -e "CREATE DATABASE IF NOT EXISTS \`$DB\` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_unicode_ci";

Note: This will not work for any other version the box because the mysql config directory changed in higher versions of MySQL 5.7 as well. It should no longer be needed honestly, or at least until the MySQL gods wish to inflict this scourge upon us again.

@andrewhood125
Copy link
Contributor

@andrewhood125 andrewhood125 commented Dec 6, 2016

@w0rd-driven thanks for the research here. MySQL 5.7.10 relaxed the default_password_lifetime setting back to 0 from 360.

So it sounds like we need an answer here if Homestead is going to support PHP 5.6 and for how long we will do that. @taylorotwell, @svpernova09 ?

@svpernova09
Copy link
Collaborator

@svpernova09 svpernova09 commented Dec 6, 2016

IMHO we should support Homestead (as best we can) to support the same versions of PHP that the framework itself requires. Which would mean to support Laravel 5.1 we'd have to support PHP >= 5.5.9

@w0rd-driven
Copy link

@w0rd-driven w0rd-driven commented Dec 6, 2016

I don't think I mentioned it, but the later versions of settler and subsequently boxes > 0.3.3 have the default_password_lifetime explicitly set to 0 as covered by laravel/settler#60. http://mysqlserverteam.com/an-update-on-default_password_lifetime/ talks about the option possibly being revisited in the future so it's good that it's already handled.

Fortunately, it seems this issue is only specific to 0.3.3.

I submitted this PR to settler and the work involved was extensive to say the least, just to try to upgrade MySQL beyond v5.7.10. The box I created from this patch is primarily functional but I don't have projects that would put Postgres, HHVM, Redis, or any of the other services through their paces. The easier fix is to just patch Homestead as I couldn't guarantee the changes in ppas or system packages didn't radically destabilize the system.

@andrewhood125
Copy link
Contributor

@andrewhood125 andrewhood125 commented Dec 6, 2016

So if someone took 0.3.3 and:

"default_password_lifetime = 0" >> /etc/mysql/my.cnf
mysql --connect-expired-password -e "SET PASSWORD = PASSWORD('secret');";

or something close to that.

Repackaged it as 0.3.4 it would fix the problem right?

@svpernova09 seems totally fair. So that would put this in the "needs to be fixed" bucket. Can we reopen?

@svpernova09 svpernova09 reopened this Dec 7, 2016
@svpernova09 svpernova09 self-assigned this Dec 7, 2016
@svpernova09
Copy link
Collaborator

@svpernova09 svpernova09 commented Dec 7, 2016

Where you have Homestead installed open scripts/homestead.rb and look for a line that is similar to config.vm.box = settings["box"] ||= "laravel/homestead" and change that line to config.vm.box = settings["box"] ||= "Svpernova09/homestead-legacy"

If there is a line similar to config.vm.box_version = settings["version"] ||= ">= X.X.X" where X.X.X is a version, comment that line out by putting a # in front of it.

Run vagrant up and the box will download. Let me know if that solves your problem. If that does work please let me know what version of Homestead you're using.

@w0rd-driven
Copy link

@w0rd-driven w0rd-driven commented Dec 7, 2016

You wouldn't need to call mysql --connect-expired-password -e "SET PASSWORD = PASSWORD('secret');"; at all, unless you wanted to reset the password time.

Setting default_password_lifetime is enough to solve the problem the next time MySQL is started.

@svpernova09
Copy link
Collaborator

@svpernova09 svpernova09 commented Dec 7, 2016

@w0rd-driven See my previous comment and let me know if that solves your problem.

@svpernova09 svpernova09 closed this Dec 7, 2016
@vinodpal
Copy link

@vinodpal vinodpal commented Jan 21, 2020

I am trying to write a shell script for on premise system. OS is Red Hat.
My script is below one, in it all thing working fine except set new password from default generated password which one its fetching from file path /etc/.mysql_secret

#!/usr/bin/sh

# MYSQL DEPLOYMENT

#variables
hostId="localhost"
newPasswrod="password"
newDatabase="mydb"
newUser="mymysql"

#install mysql with rpm files.
echo "installing mysql with rpm files."
rpm -ivh perl-Data-Dumper-2.145-3.el7.x86_64.rpm
rpm -ivh lib64numa1-2.0.12-1.mga7.x86_64.rpm
rpm -ivh libaio-0.3.109-13.el7.x86_64.rpm

tar xvf MySQL-5.6.46-1.el7.x86_64.rpm-bundle.tar
rpm -ivh MySQL-shared-5.6.46-1.el7.x86_64.rpm
rpm -ivh MySQL-shared-5.6.46-1.el7.x86_64.rpm
rpm -ivh MySQL-client-5.6.46-1.el7.x86_64.rpm

rpm -e --nodeps "mariadb-libs-5.5.64-1.el7.x86_64"

rpm -ivh MySQL-server-5.6.46-1.el7.x86_64.rpm

mysqlPasswordFile="/root/.mysql_secret"
echo "retrieve password from default location" 
#retrieve password from default location example with below parameter.
# The random password set for the root user at Mon Jan 13 11:00:59 2020 (local time): 4ug4P6drlfrN_vaE
mysqlPassword=` grep  '.*' $mysqlPasswordFile | cut -d : -f 4-`
mysqlPassword=`echo $mysqlPassword | sed 's/ *$//g'`
echo "default password is : $mysqlPassword"
# mysqlPassword=4ug4P6drlfrN_vaE 

# start mysql server
sudo service mysql start
echo "started mysql"

sleep 1s
# set new passwrd and create new user.
echo "set new passwrd and create new user"
if [ $mysqlPassword ] ; then
  mysql -u root -h "$hostId" -p"$mysqlPassword" -e "set password for root@'localhost'=password('$newPasswrod')"
  mysql -u root -h "$hostId" -p"$newPasswrod" -e "SHOW DATABASES"
  mysql -u root -h "$hostId" -p"$newPasswrod" -e "FLUSH PRIVILEGES;"
fi

Its throwing below error when its going to set new password

ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.

New password set direct when try by below way:-

#Default password 4ug4P6drlfrN_vaE
mysql -u root -p4ug4P6drlfrN_vaE 
set password for root@'localhost'=password('mysql');

I want achieve this thing by shell script.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.