Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

connecting to MySQL 8.0.12 configured for strong password encryption #240

Open
starquestv opened this issue Aug 29, 2018 · 13 comments
Open

connecting to MySQL 8.0.12 configured for strong password encryption #240

starquestv opened this issue Aug 29, 2018 · 13 comments

Comments

@starquestv
Copy link

@starquestv starquestv commented Aug 29, 2018

Get this error when connecting to a MySQL 8.0.12 server configured for strong password encryption (rather than Legacy authentication method)

com.github.shyiko.mysql.binlog.network.AuthenticationException: Client does not support authentication protocol requested by server; consider upgrading MySQL client

Note that a new level (8.0.x) of ODBC and JDBC connectors is required when connecting to such a server; I suspect that mysql-binlog-connector needs a similar change.

@shyiko

This comment has been minimized.

Copy link
Owner

@shyiko shyiko commented Aug 29, 2018

Hi @starquestv. Any chance you can provide docker image/vagrant box that I can use to reproduce?
mysql-binlog-connector-java is already using Secure Password Authentication.

@starquestv

This comment has been minimized.

Copy link
Author

@starquestv starquestv commented Aug 29, 2018

Thanks for the quick response!

Sorry – we don’t have a docker image (and I don’t even know what a vagrant box is.. guess I have some reading to do...) I installed the Community Edition of MySQL 8.0.12 (from https://dev.mysql.com/downloads/mysql/ ) on a Windows system.

If mysql-binlog-connector-java is already using Secure Password Authentication, perhaps there is something different in the way we should make the connection? Any new parameters?

    logClient = new BinaryLogClient(host, Integer.parseInt(port), user, password);

We are using the latest posted jar file (.16.1) from April. Was the Secure Password Authentication support added after that?

@shyiko

This comment has been minimized.

Copy link
Owner

@shyiko shyiko commented Aug 29, 2018

0.16.1 is fine. AuthenticateCommand hasn't changed in 3 years. How about my.conf? (XXX whatever you deem to be security sensitive).

@starquestv

This comment has been minimized.

Copy link
Author

@starquestv starquestv commented Aug 29, 2018

my.ini.txt
uploaded (I had to add .txt extension)

Pretty basic - the only entries of interest (I think) are:

The default authentication plugin to be used when connecting to the server
default_authentication_plugin=caching_sha2_password

Binary Logging.
log-bin="SRV123-bin"

@shyiko

This comment has been minimized.

Copy link
Owner

@shyiko shyiko commented Aug 29, 2018

Thanks. The thing is - sha2_password authentication method is a little bit different from Secure Password Authentication. It should be relatively easy to implement but it's not supported at the moment. If you willing to give it try I can provide some guidance on how to assemble a PR.

@starquestv

This comment has been minimized.

Copy link
Author

@starquestv starquestv commented Aug 30, 2018

Thanks. I'm not sure what a PR is?

But this is low priority for us, as we don't have any customers with this scenario - just something I have been setting up in our test lab to be proactive. So I expect that my directive will be to not spend much time on this, especially since you pointed me in the direction of a workaround (first I saw how to revert to mysql_native_password for the entire database by editing my.ini, and when that didn't affect the already-created user, I realized I could do an ALTER USER for just the one user in our app that uses the binlog-connector). So I have a workaround for when/if we encounter a customer with this setup (at least for the trial period - even if a customer is unwilling to loosen security on their Production system, they most likely would be willing to do it temporarily on a QA system).

@shyiko

This comment has been minimized.

Copy link
Owner

@shyiko shyiko commented Aug 30, 2018

PR is short for Pull Request.
Alrighty, I'll keep this issue open until it's taken care of (one way or the other).

@Tengchiayueh

This comment has been minimized.

Copy link

@Tengchiayueh Tengchiayueh commented May 21, 2019

@shyiko Hi, there. I already use version 0.20.1 of mysql-binlog-connector-java.
I thought you guys maybe solve this problem, but I got this error log

com.github.shyiko.mysql.binlog.network.AuthenticationException: Client does not support authentication protocol requested by server; consider upgrading MySQL client

Is my mistake or just not figure it out?

mysql version "Ver 8.0.16 for macos10.14 on x86_64 (MySQL Community Server - GPL)"

@starquestv

This comment has been minimized.

Copy link
Author

@starquestv starquestv commented May 21, 2019

As far as I know, this issue has not been resolved yet. As mentioned, my workaround is to do an ALTER USER for just the one user in our app that uses the binlog-connector - i.e. configure the user to use legacy password authentication:
ALTER USER SQDR IDENTIFIED WITH mysql_native_password BY 'mypassword';

@Tengchiayueh

This comment has been minimized.

Copy link

@Tengchiayueh Tengchiayueh commented May 22, 2019

Brilliant, I'll use this solution too.

Thank you!

@yaoqi

This comment has been minimized.

Copy link

@yaoqi yaoqi commented Aug 9, 2019

@shyiko do you have any plan to fix it? i miss the same problem. using version:0.20.1

@dingxiaobo

This comment has been minimized.

Copy link

@dingxiaobo dingxiaobo commented Oct 12, 2019

I just open a PR to fix this issue. but Travis seems not work correct. Can you review the PR and release a new version ASAP ? thanks. @shyiko

@kwonglau

This comment has been minimized.

Copy link

@kwonglau kwonglau commented Nov 17, 2019

@shyiko Would you review this pr? thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.