[debian-mysql] Bug#845648: Bug#845648: mention how to deal with Pre-4.1 password hash found. It is deprecated and will be removed in a future release. Please upgrade it to a new format warning

Norvald H. Ryeng norvald.ryeng at oracle.com
Fri Nov 25 15:23:53 UTC 2016


On Fri, 25 Nov 2016 22:49:52 +0800
積丹尼 Dan Jacobson <jidanni at jidanni.org> wrote:

> Package: mysql-server
> Version: 5.7.16-1
> 
> Upon upgrade user sees
> 
>  Pre-4.1 password hash found. It is deprecated and will be removed in
> a future release. Please upgrade it to a new format.
> 
> This message is not enough.
> 
> There is only one user on the system.

I agree that the message could've been more precise, e.g., list which
users have old password hashes. This message is output by the
mysql_upgrade script when one or more database users have old,
cryptographically weak password hashes.

You can list the users:

SELECT * FROM mysql.user WHERE LENGTH(password) = 16;

> How does user reset this (which?) password?

ALTER USER 'user' IDENTIFIED BY 'password';

See http://dev.mysql.com/doc/refman/5.7/en/alter-user.html for more
options.

> Yes I am willing to type my password in again. What is it? A user
> password? A system password? A database password? What? Which user?

See above.

> How does user check that the problem is then fixed?

The above query will return no rows.

Here are a few links that explain what's going on:

http://www.tocker.ca/2014/05/14/proposal-to-deprecate-the-old-password-format.html
http://mysqlserverteam.com/removal-and-deprecation-in-mysql-5-7/
http://mysqlblog.fivefarmers.com/2012/05/30/why-your-pre-4-1-client-wont-like-mysql-5-6/
http://dev.mysql.com/doc/refman/5.7/en/password-hashing.html
https://www.percona.com/forums/questions-discussions/mysql-and-percona-server/12516-mysql_upgrade-failing-on-5-5-to-5-6-in-place-upgrade

Regards,

Norvald H. Ryeng



More information about the pkg-mysql-maint mailing list