PHP 5.3 mysqlnd requires new-style passwords

[geofft]

The sql.mit.edu servers currently have old_passwords=1 set in the mysqld configuration for compatibility with MySQL 3.x and 4.x clients. The ​MySQL native driver in PHP 5.3 only knows how to deal with ​new-style passwords; this will probably bite us hard when we move to PHP 5.3 as part of upgrading to Fedora 13.

We'll need to either figure out if we can do the backward-compatible but insecure hack of making PHP clients able to use old-style passwords (disable the native driver? patch it?), or if we can drop support for MySQL clients that don't support new-style passwords, i.e., 4.0.x and below.

[mitchb]

Fortunately for us, the F13 packages have not begun to build with the option that enables mysqlnd for any of the mysql, mysqli, or pdo-mysql extensions. As a result, they all still use the libmysql client library, which supports both types of passwords (as well as such niceties as SSL). So, while sql and scripts should probably figure out whether/when we can discontinue keeping the less secure compatibility passwords around, this doesn't pose an issue for the F13 upgrade.

[andersk]

As far as I can see, we can just do this. The only reason we couldn’t just do this would be if someone was still using libmysqlclient 4.0.x or earlier against sql.mit.edu. MySQL 4.1 was certified production-ready in October 2004, and MySQL 4.0.x reached ​end-of-life on December 31, 2008. The current scripts servers have libmysqlclient 5.1.56.

[ezyang]

No change for Fedora 15, so we can punt it another year if we really wanted to...

[ezyang]

mysqlnd is a subpackage in Fedora 16+, but you don't have to use it, so we can punt this issue again.

[achernya]

After years of delay, the changeover finally strikes. There's no php-mysql, only a php-mysqlnd in F19.

[quentin]

Note that we will need to rehash passwords on sql.mit.edu before we can authenticate with mysqlnd, even after we change the flag to allow new-style passwords.

[achernya]

Passwords have been rehashed.