Apache 2.2 authn_dbd MySQL centos

It seems using authn_dbd MySQL is somewhat new and searching the net only finds lots and lots of people having problems or overly complicated documents on how to set things up.

I'll give the experts a shot and see if someone would be kind enough to walk me through this and help me get this working on Centos 6.5.

Currently, I am using htaccess and htpasswd to authenticate connections to a web site. I already have a MySQL table called htaccess where my username/password are being stored. This is generated by another application and I then run a bash script to extract the credentials now and then, rebuilding my .htpasswd file.

Now, I'd like to stop using the .htpasswd file and use the database directly for authentication.

I have both mod_authn_dbd.so and mod_dbd.so enabled and am ready to do the steps needed to convert from .htpasswd to db.

The server is Centos 6.5.
mysql-5.5.40
httpd-2.2.15

Help!
projectsAsked:

Phil DavidsonCommented:
I'm assuming you could not run manual updates (e.g., look at the contents of the .htpasswd file and make SQL inserts).  In any case the target database in the mysql database is mysql.user.  You could write  a Perl script to automatically put the username/password combinations into mysql.user from the .htpasswd file.  The mysql.user table does authentication.

For more information on this table, read this: http://dev.mysql.com/doc/refman/5.1/en/adding-users.html
0
projectsAuthor Commented:
I already have my users and passwords in mysql. What I am wanting to do is to set up apache to use that database table to authenticate users instead of an .htpasswd file.
0
Phil DavidsonCommented:
You need to install the Apache Portable Runtime module to permit MySQL database authentication.  The one you need is named mod_authn_dbd.

On the apache server, go to the Linux prompt and try this:
$ sudo apt-get install libaprutil1-dbd-mysql

If you get a message like “DBD: Can’t load driver file apr_dbd_mysql.so” then this is what you need to do – don’t believe the articles that tell you you need to recompile APR

(The above command and above quote were taken from this site: https://alimanfoo.wordpress.com/2010/11/17/apache-authentication-and-mysql/ 
CentOS may require a different command in your environment however.  The article above is for Ubuntu.)

To learn about the module that enables you to bypass the .htpasswd file, go here:
http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html

You may need to use a special Apache encryption on the table that has the usernames and passwords (as opposed to a default encryption method):
http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

Remember to use best practices with security.  You may want to put the Apache server in a DMZ and the database server behind a firewall.  You may want to use Security Enhanced Linux, disable services you don't need (e.g., cron, ICMP, etc.)  You may want to enable IP tables and make sure everything is patched.  I recommend using an IDS that is a separate appliance from a firewall.
0
projectsAuthor Commented:
Yes, I have the proper modules loaded.
I have iptables enabled of course but not sure what you mean by patched? Do you just mean Centos being fully updated?

The link you sent me;
http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html

seems to imply that all I need is some directives and no more need for .htaccess?
0
Phil DavidsonCommented:
I don't think you'll need .htaccess.  The MySQL database will do the authentication.

>I have iptables enabled of course but not sure what you mean by patched? Do you just mean Centos being fully updated?

Yes, I mean update CentOS regularly.

Did you install the DBD module?
0
projectsAuthor Commented:
Yes, it's installed. Yes, Centos is always updated.

My hope was to be walked through this because reading endless documents is simply more confusing than having someone help you one step at a time.
0
Phil DavidsonCommented:
Every environment is different.  The starting point and goal are also different.  Using a MySQL database is great for busy web servers handling large numbers of authentications.  (Flat files with Apache aren't as efficient as utilizing a database for authentication.)

While I know you don't want to read endless documents, your goal is fairly ambitious.  I think this URL may help: http://bignosebird.com/notebook/mysqlauth.shtml

I am still willing to answer specific questions if that document above doesn't help.  Good luck with what you decide.  I wish I could have done more from the beginning.
0
projectsAuthor Commented:
Ambitious? The user names and the passwords are already in mysql. All I need to know is how to set up apache to use that. It's already working using .htaccess and .htpasswd. Why do you think this is ambitious?

Currently, I am generating an .htpasswd file by looking up the data in that table and regenerating a new .htpasswd. However, at some point, this will not be very efficient so would like to change .htpasswd to mysql lookup instead.
0
Phil DavidsonCommented:
Is your httpd.conf file configured to use MySQL?

This stanza should appear:
Auth_MySQL_Info coolServer mike coolPassword

Where coolServer is the name of your server.  Where mike is a user that has access to the authentication table in the MySQL database and coolPassword is mike's password for the MySQL table.
0
projectsAuthor Commented:
And how do I test this?
I mean, where do I see or test for this stanza?
0
Phil DavidsonCommented:
You won't see it in the httpd.conf file.  Make a backup of the file.  Then you should insert that stanza into httpd.conf (usually in /etc/httpd/conf/).  (Naturally it needs to be modified as I used coolServer, mike, and coolPassword.) It should not be: 1) the last line in the file.  2) in the virtualhost section of this file. 3) in the directory section of this file.

I would try relatively high in the httpd.conf file.  But remember the three requirements above.  If you wanted a blended authentication (with some htaccess files), that may be possible.  But then the placement of this stanza becomes even more critical.

To test it, you could try stopping and restarting Apache services.  I would try a couple different places if the first attempt doesn't work.
0
projectsAuthor Commented:
I see no mention of the actual database however so apache would not know which db to use?

Looks like this also needs to be added
Auth_MySQL_General_DB database_name

BUT, that leads to an error.

Starting httpd: Syntax error on line 27 of /etc/httpd/conf/httpd.conf:
Invalid command 'Auth_MySQL_Info', perhaps misspelled or defined by a module not included in the server configuration


I would really prefer to use .htaccess for this instead of changing httpd.conf however.
0
Phil DavidsonCommented:
You can use .htaccess instead of httpd.conf.  I am less familiar with this method.

Please find a spot that looks good in the .htaccess file for this:

AuthName "MySQL Testing"
 AuthType Basic
 AuthMySQLHost nameOfServerHostingMySQLDB
 AuthMySQLDB nameOfMySQLDB
 AuthMySQLUserTable mysql_user
 AuthMySQLEnable On
 require valid-user

The AuthName value is arbitrary and should be descriptive.  It is the name of a "realm."  This directive (or realm assignment) can enhance debugging (e.g., in logs or at runtime) by providing context.
0
projectsAuthor Commented:
Wait now, so I don't mess something up.
You are saying remove the items I put into httpd.conf and put these in .htaccess instead?
Now, I see I can now add the db name but where do I enter the rest of the credentials?
0
Phil DavidsonCommented:
>You are saying remove the items I put into httpd.conf and put these in .htaccess instead?

Actually I would remove them but NOT put them in htaccess.

>Now, I see I can now add the db name but where do I enter the rest of the credentials?

The credentials that the users will enter?  The credentials that will presumably be used to validate the user/password attempt from the web page?

If you were asking the latter question, add these stanzas:
   AuthMySQLUser nonRootUser
   AuthMySQLPassword  thePasswordForAboveUser

nonRootUser is the user name of a database account that has select (read) permissions on the mysql_user table.  thePasswordForAboveUser is the password for this account.  Don't use the root user.

I should have included the above code stanzas in the last response.  I recommend you read this link if you have additional questions: http://modauthmysql.sourceforge.net/CONFIGURE
0
projectsAuthor Commented:
Sorry, totally confused now :).

You said not in httpd but also not in .htaccess so where then?
The stanza you first showed didn't contain the database name.
Everything I find on the net is nothing but confusing because everyone is telling everyone else to use directives which are too often different in each reply. I've tried many combinations in the replies that I've read and nothing has worked.

My question is simply trying to figure out where to put the correct directives for apache to know to look up the user credentials in the right database and table.

The users/passwords are all in a table so all I need to do is tell apache what it's allowed credentials are to connect to the database and authenticate the user, one of many in that table.
0
Phil DavidsonCommented:
Sorry once again.  For this quote, let me make a correction.

>Actually I would remove them but NOT put them in htaccess.

Do remove them from httpd.conf.  Do put them into .htaccess.

Have you tried putting these in .htaccess?  (Naturally some of the values are symbolic and you'd have to change the nonRootUser and thePasswordForAboveUser.)

 AuthName "MySQL Testing"
 AuthType Basic
 AuthMySQLHost nameOfServerHostingMySQLDB
 AuthMySQLDB nameOfMySQLDB
 AuthMySQLUserTable mysql_user
 AuthMySQLEnable On
 AuthMySQLUser nonRootUser
 AuthMySQLPassword  thePasswordForAboveUser
 require valid-user

What happens when you try to access the web page?  Is there a place to enter credentials (that will be validated against the mysql_user table)?  I'd like to know the error message (if any) or the undesired behavior.
0
projectsAuthor Commented:
I'm sorry, things got confusing again. Earlier, you said I could do it all in htaccess but just above you said NO, don't remove the stanza from the httpd.conf file.

If you can confirm the steps, I'll make sure they are done.

1: add or don't add the following in httpd.conf;
Auth_MySQL_Info localhost dbuser dbpassword
Auth_MySQL_General_DB database_name

2: add this into .htaccess for the directory I want to protect

 AuthName "MySQL Testing"
 AuthType Basic
 AuthMySQLHost nameOfServerHostingMySQLDB
 AuthMySQLDB nameOfMySQLDB
 AuthMySQLUserTable mysql_user
 AuthMySQLEnable On
 AuthMySQLUser nonRootUser
 AuthMySQLPassword  thePasswordForAboveUser
 require valid-user


So, what is not clear is where I am actually putting the db credentials because I am almost sure they aren't needed in both the httpd.conf and the .htaccess file.

The authentication simply needs to look at the database table which contains all of the username/password details for the allowed users.
0
Phil DavidsonCommented:
>1: add or don't add the following in httpd.conf;
>Auth_MySQL_Info localhost dbuser dbpassword
>Auth_MySQL_General_DB database_name


Don't add.


>2: add this into .htaccess for the directory I want to protect
>
> AuthName "MySQL Testing"
> AuthType Basic
> AuthMySQLHost nameOfServerHostingMySQLDB
> AuthMySQLDB nameOfMySQLDB
> AuthMySQLUserTable mysql_user
> AuthMySQLEnable On
> AuthMySQLUser nonRootUser
> AuthMySQLPassword  thePasswordForAboveUser
> require valid-user

Yes, add it.

>So, what is not clear is where I am actually putting the db credentials because I am almost sure they aren't needed in both the httpd.conf and the .htaccess file.

They are NOT needed in the httpd.conf file.  They are needed in the .htaccess file.
0
projectsAuthor Commented:
Ok, so, nothing in httpd.conf.

I've created a /test directory and put the new .htaccess file in there.
Without it, I simply get a directory listing and with it, I get prompted.

The username/password are in the db table I've specified but after I enter the credentials, the credentials pop up simply keeps popping up.

Note that the passwords in the DB are not encrypted, perhaps that is why?
0
Phil DavidsonCommented:
Can you create a MySQL connection with the username and password that were hardcoded in the .htaccess file?  If you cannot, that is the problem.  This username and password should be possible to log into the database directly (without a web page).  The username and password should be able to access at minimum the table with the user credentials. This table will have the username and password pairs that will ultimately give access to the folder (web page) you want to protect.

There are different ways of connecting to a MySQL database (e.g., from the command prompt or from a SQL front end like TOAD).
0
projectsAuthor Commented:
Yes, I use the same credentials for other things as well locally on the system.
Just tested from the command line to make sure something odd wasn't in the mix and I got in fine.
0
Phil DavidsonCommented:
When you access it via the web page, do you get locked out after 5 attempts?  Can you set the maximum attempts to something like 3 or 5, then try to lock yourself out.  Please tell me if you get locked out (e.g., with an error or some form of proof in the database table).  I'm not sure how far those credentials are getting in the authentication process.

Now that we know the credentials work, can you get into the MySQL database with those credentials via a SQL front end application (e.g., TOAD, SQL Golden etc.).  Maybe there is some network or security issue preventing the remote authentication.
0
projectsAuthor Commented:
Yes, those same credentials are being used by another application at all times which is also how I know it's working.

Also, I have a script I use to read the database for certain things in that same table so also know it's working because of this.

Tried it some seven times and never locked me out.
I don't have any lock out setting. What should I add to test again?

I put the .htaccess directly into the directory I am testing and not at the top of the site.
Mainly because I don't want to disrupt anything else that is going on, on this site.
0
Phil DavidsonCommented:
Can you start the mysqld process with the debug option?

http://dev.mysql.com/doc/refman/4.1/en/server-options.html#option_mysqld_debug

If you can do this, then try to log in several times. There should be debugging information.  If the username or password don't work, that would help us.  If the debugging trace only shows connections done on the server, and not the failed attempts from the web page, that would help us isolate the problem (as the credentials may not even be getting to the mysql.user table).
0
projectsAuthor Commented:
I do see this in the logs;

MySQL ERROR: Unknown column 'user_password' in 'field list': /test/
MySQL user xxxxx not found: /test/

I have my test .htaccess file in the /test directory. I've no idea why there is this error. There is no mention of 'user_password' anywhere. The file has the proper credentials, database and table configured.
0
Phil DavidsonCommented:
I am not 100% sure that the message pertains to the user credentials being entered on the website or the authentication of the file itself to the MySQL database and mysql_user table.

What are the names of the usernames and passwords columns in mysql_user table?

Can you restart the MySQL database and try again for good measure?  Please restart apache webservices too.

Can you search the .htaccess file for the user_password?  Was it something that you may have added earlier or separately?
0
projectsAuthor Commented:
Rather confusing no? This should work?

The file contains;

AuthName "No Logging"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLDB dbname
AuthMySQLUserTable htaccess
AuthMySQLEnable On
AuthMySQLUser xxxx
AuthMySQLPassword xxxx
require valid-user

The htaccess table has only two fields, username and password

I restarted mysql, no difference.

Tested again;

MySQL ERROR: Unknown column 'user_password' in 'field list': /test/
MySQL user testuser not found: /test/

I was thinking... can I change any line/s in this to test if my .htpasswd file would work?
0
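The mismatch behind the "Unknown column 'user_password'" log line, as an added example that is not part of the thread: the posted .htaccess names the table but not its columns, so mod_auth_mysql queries its own default column names. The script checks a config for the module's `AuthMySQLNameField` and `AuthMySQLPasswordField` directives against the table's columns; the function names and the "after" variant are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the column names mod_auth_mysql is told to query
# with the columns the user table really has.

# .htaccess as posted in the thread (credentials already masked there).
SAMPLE_BEFORE='AuthName "No Logging"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLDB dbname
AuthMySQLUserTable htaccess
AuthMySQLEnable On
AuthMySQLUser xxxx
AuthMySQLPassword xxxx
require valid-user'

# Constructed variant with the two field directives added.
SAMPLE_AFTER="$SAMPLE_BEFORE
AuthMySQLNameField username
AuthMySQLPasswordField password"

# Columns of the htaccess table as described in the thread.
TABLE_COLUMNS="username password"

# Print the value of directive $1 from config text on stdin. Matching is
# case-insensitive, the last occurrence is used, comment lines never match.
directive_value() {
    awk -v want="$1" 'tolower($1) == tolower(want) { v = $2 }
                      END { if (v != "") print v }'
}

# check_fields <config text> <space-separated column names>
# Prints one line per field directive; returns 1 if either is unset or
# names a column the table does not have.
check_fields() {
    rc=0
    for d in AuthMySQLNameField AuthMySQLPasswordField; do
        val=$(printf '%s\n' "$1" | directive_value "$d")
        if [ -z "$val" ]; then
            echo "$d: not set, the module queries its built-in default column"
            rc=1
        else
            case " $2 " in
                *" $val "*) echo "$d: $val (column exists)" ;;
                *) echo "$d: $val (no such column in table)"; rc=1 ;;
            esac
        fi
    done
    return "$rc"
}

echo "as posted:"
check_fields "$SAMPLE_BEFORE" "$TABLE_COLUMNS" || true
echo "with field directives:"
check_fields "$SAMPLE_AFTER" "$TABLE_COLUMNS" || true
```

The stored password format must also match the module's `AuthMySQLPwEncryption` setting, and a hashed format is preferable to the plaintext column described in the thread.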
Phil DavidsonCommented:
>can I change any line/s in this to test if my .htpasswd file would work?

Make a backup.  Then yes, test away.  This is I.T., so please don't give up.  After you back it up, you may want to delete it.  It should be a collection of username and password pairs. But the password won't be recognizable.  If you can delete it, you may eliminate problems.  I'll be honest, it may be necessary.  So please keep the backup.

What are the names of the usernames and passwords columns in mysql_user table called?  Do you refer to htaccess and mysql_user interchangeably to describe this table?  The configuration above is expecting the MySQL name to be htaccess.  It also expects the database to be on the web server itself.  I'm assuming you used "dbname" in the posting above as a placeholder (otherwise the database name must be dbname for the configuration file to work).

Does the web server have the MySQL database on it?  The file is configured that way.  It is ok to not use a multi-tiered configuration (with a separate MySQL database server and a separate web server).  I just want to double check.

For future reference I place three links that could help us fix this problem:

This URL has a good section called "Using a MySQL database for Apache Authentication":
http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html

If you cannot find help with that page, please check this one too: http://www.widexl.com/tutorials/htaccess.html

A more thorough resource: http://httpd.apache.org/docs/current/howto/auth.html
0
projectsAuthor Commented:
>Make a backup

Yes, I always have backups :).

>After you back it up, you may want to delete it.  It should be a collection of username and password pairs. But the password won't be recognizable.  If you can delete it, you may eliminate problems.

What I meant was, change some lines in the htaccess in order to test that it works using the .htpasswd file I am already using with other connections until I can get this working.

>What are the names of the usernames and passwords columns in mysql_user table called?  
>Do you refer to htaccess and mysql_user interchangeably to describe this table?

As mentioned above...

Table htaccess in database xxx
Field name   Type          Allow nulls?   Key       Default value   Extras
username     varchar(45)   No             Primary   NULL
password     char(45)      No             None      NULL

>It also expects the database to be on the web server itself.

Yes, the database is on the local server.  

>I'm assuming you used "dbname" in the posting above as a placeholder

Yes, of course :).

>Does the web server have the MySQL database on it?

Yes, of course :).

>It is ok to not use a multi-tiered configuration (with a separate MySQL database server and a
>separate web server).  I just want to double check.

Yes, on occasion, I have to do that, use multiple external MySQL servers with one or more applications. This happens but in this case, it's nice and simple, a test setup using simple field names to get this working.

>For future reference I place three links that could help us fix this problem:

I have read until my eyes could bleed and is why I have posted this question for help.
0
gheistCommented:
Yes, CentOS is updated, but not within last 12 months, at least version number says so...
How did you get mysql 5.5.40 if default is 5.1?
0
projectsAuthor Commented:
I always use remi/epel repos when I need to run newer versions of LAMP-related things.
0
gheistCommented:
rpm -qa | grep ^php

yum info XXXX (where XXXX is php- the one you have installed)
I just need repository...

It should not load different mysql client library than apache (libmysqlclient*) - please check that you have one only.
0
projectsAuthor Commented:
Installed Packages
Name        : php
Arch        : x86_64
Version     : 5.4.32
Release     : 1.el6.remi
Size        : 9.2 M
Repo        : installed
From repo   : remi
Summary     : PHP scripting language for creating dynamic web sites
URL         : http://www.php.net/
License     : PHP and Zend and BSD
Description : PHP is an HTML-embedded scripting language. PHP attempts to make it
            : easy for developers to write dynamically generated web pages. PHP also
            : offers built-in database integration for several commercial and
            : non-commercial database management systems, so writing a
            : database-enabled webpage with PHP is fairly simple. The most common
            : use of PHP coding is probably as a replacement for CGI scripts.
            :
            : The php package contains the module (often referred to as mod_php)
            : which adds support for the PHP language to Apache HTTP Server.

Installed Packages
Name        : mysql
Arch        : x86_64
Version     : 5.5.40
Release     : 1.el6.remi
Size        : 29 M
Repo        : installed
From repo   : remi
Summary     : MySQL client programs and shared libraries
URL         : http://www.mysql.com
License     : GPLv2 with exceptions and LGPLv2 and BSD
Description : MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
            : client/server implementation consisting of a server daemon (mysqld)
            : and many different client programs and libraries. The base package
            : contains the standard MySQL client programs and generic MySQL files.
0
gheistCommented:
libmysqlclient* ?
Now guess which php modules are active and verify that all its mysql modules load exactly the same mysql libraries as the apache mysql module.

it is not easy but http://wiki.centos.org/AdditionalResources/Repositories/SCL you can get same with centos
0
projectsAuthor Commented:
Nothing whatsoever for libmysqlclient. Don't ever recall needing that for LAMP setups.
php-mysql 5.4.32-1.el6.remi
mysql 5.5.40-1.el6.remi

All that's needed for php/mysql access however is mysql, the client and php-mysql which are both installed.

Not quite sure what you are asking for but, I also have the following installed. Remember that I also have a number of web sites running on this server so have all standard LAMP things installed too.

Are you asking me to list all php loaded modules?

core prefork http_core mod_so mod_auth_basic mod_authn_dbd mod_dbd mod_auth_digest mod_authn_file mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default mod_authz_host mod_authz_user mod_authz_owner mod_authz_groupfile mod_authz_dbm mod_authz_default util_ldap mod_authnz_ldap mod_include mod_log_config mod_logio mod_env mod_ext_filter mod_mime_magic mod_expires mod_deflate mod_headers mod_usertrack mod_setenvif mod_mime mod_dav mod_status mod_autoindex mod_info mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_actions mod_speling mod_userdir mod_alias mod_substitute mod_rewrite mod_proxy mod_proxy_balancer mod_proxy_ftp mod_proxy_http mod_proxy_ajp mod_proxy_connect mod_cache mod_suexec mod_disk_cache mod_cgi mod_version mod_auth_mysql mod_php5 mod_ssl
0
gheistCommented:
Are all mysql clients loaded inside same apache process linked to same libmysqlclient.so.XXX library?

ldd /usr/lib64/httpd/modules/mod_auth_mysql.so
ldd /usr/lib64/php/moduls/mysql.so
ldd /usr/lib64/php/moduls/mysqli.so
0
projectsAuthor Commented:
# ldd /usr/lib64/httpd/modules/mod_auth_mysql.so
        linux-vdso.so.1 =>  (0x00007fff3770b000)
        libmysqlclient.so.16 => /usr/lib64/mysql/libmysqlclient.so.16 (0x00007fe59c4ef000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fe59c15b000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fe59bf3d000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fe59bd06000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x00007fe59baed000)
        libm.so.6 => /lib64/libm.so.6 (0x00007fe59b868000)
        libz.so.1 => /lib64/libz.so.1 (0x00007fe59b652000)
        /lib64/ld-linux-x86-64.so.2 (0x000000393cc00000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007fe59b3d9000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fe59b1d4000)
You have new mail in /var/spool/mail/root
# ldd /usr/lib64/php/moduls/mysql.so
ldd: /usr/lib64/php/moduls/mysql.so: No such file or directory
# ldd /usr/lib64/php/moduls/mysqli.so
ldd: /usr/lib64/php/moduls/mysqli.so: No such file or directory
0
gheistCommented:
modulEs i meant
0
projectsAuthor Commented:
Sorry, not sure what you want?
0
gheistCommented:
ldd /usr/lib64/php/modules/mysqli.so
ldd /usr/lib64/php/modules/mysql.so
0
projectsAuthor Commented:
# ldd /usr/lib64/php/modules/mysqli.so
        linux-vdso.so.1 =>  (0x00007fff41398000)
        libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18 (0x00007fd3adc6d000)
        libz.so.1 => /lib64/libz.so.1 (0x00007fd3ada57000)
        libm.so.6 => /lib64/libm.so.6 (0x00007fd3ad7d2000)
        librt.so.1 => /lib64/librt.so.1 (0x00007fd3ad5ca000)
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fd3ad35e000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fd3acf7a000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fd3acd76000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fd3ac9e2000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fd3ac7c4000)
        libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007fd3ac4be000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fd3ac2a8000)
        /lib64/ld-linux-x86-64.so.2 (0x000000393cc00000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fd3ac063000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fd3abd7d000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fd3abb79000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fd3ab94c000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fd3ab741000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fd3ab53d000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fd3ab323000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fd3ab104000)

# ldd /usr/lib64/php/modules/mysql.so
        linux-vdso.so.1 =>  (0x00007fff4a3ff000)
        libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18 (0x00007f4ebd3f8000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f4ebd064000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4ebce46000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f4ebcc30000)
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f4ebc9c4000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f4ebc5e0000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f4ebc3dc000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f4ebc1d4000)
        libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007f4ebbecd000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f4ebbc49000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f4ebba33000)
        /lib64/ld-linux-x86-64.so.2 (0x000000393cc00000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f4ebb7ee000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f4ebb508000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f4ebb304000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f4ebb0d7000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f4ebaecc000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f4ebacc8000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f4ebaaae000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f4eba88f000)
0
gheistCommented:
You can have one of two:
PHP 5.4 using libmysqlclient.so.18
XOR
mod_auth_mysql
using libmysqlclient.so.16
0
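The ldd comparison from the posts above, as an added example that is not part of the thread: it pulls the libmysqlclient soname out of each module's ldd output and reports when modules loaded into the same httpd process disagree. The function names are hypothetical; the embedded sample lines are trimmed from the ldd output quoted in this thread, and passing real module paths as arguments switches to a live scan.

```shell
#!/bin/sh
# Added example: find modules that link different libmysqlclient sonames.

# Print the libmysqlclient soname(s) named in ldd output read from stdin.
mysql_sonames() {
    awk '$2 == "=>" && $1 ~ /^libmysqlclient(_r)?\.so\.[0-9]+$/ { print $1 }' | sort -u
}

# Read "module soname" pairs on stdin, print a verdict line followed by the
# pairs, and return 1 when more than one soname is in use.
check_pairs() {
    awk '
        { pairs[NR] = $0; if (!($2 in seen)) { seen[$2] = 1; n++ } }
        END {
            n += 0
            verdict = (n > 1) ? "CONFLICT" : "OK"
            print verdict ": " n " libmysqlclient soname(s) in one process"
            for (i = 1; i <= NR; i++) print "  " pairs[i]
            exit (n > 1)
        }'
}

# Live mode: run ldd on each module path and emit "module soname" pairs.
# Only point this at files you trust; ldd may execute code from the file.
scan_modules() {
    for mod in "$@"; do
        [ -r "$mod" ] || { echo "skip: $mod is not readable" >&2; continue; }
        ldd "$mod" | mysql_sonames | while read -r so; do
            printf '%s %s\n' "$(basename "$mod")" "$so"
        done
    done
}

# Sample mode: a few lines per module, trimmed from the ldd output posted
# in this thread.
sample_ldd() {
    case "$1" in
        mod_auth_mysql.so)
            echo '        linux-vdso.so.1 =>  (0x00007fff3770b000)'
            echo '        libmysqlclient.so.16 => /usr/lib64/mysql/libmysqlclient.so.16 (0x00007fe59c4ef000)'
            echo '        libc.so.6 => /lib64/libc.so.6 (0x00007fe59c15b000)' ;;
        mysqli.so)
            echo '        libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18 (0x00007fd3adc6d000)'
            echo '        libz.so.1 => /lib64/libz.so.1 (0x00007fd3ada57000)' ;;
        mysql.so)
            echo '        libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18 (0x00007f4ebd3f8000)'
            echo '        libc.so.6 => /lib64/libc.so.6 (0x00007f4ebd064000)' ;;
    esac
}

sample_pairs() {
    for mod in mod_auth_mysql.so mysqli.so mysql.so; do
        sample_ldd "$mod" | mysql_sonames | while read -r so; do
            printf '%s %s\n' "$mod" "$so"
        done
    done
}

main() {
    if [ "$#" -gt 0 ]; then
        scan_modules "$@" | check_pairs
    else
        sample_pairs | check_pairs
    fi
}

# The verdict is the first line of output.
main "$@" || true
```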
gheistCommented:
There is a chance to isolate them, but you must translate from suse to redhat yourself:
http://www.experts-exchange.com/OS/Linux/Q_28483323.html#a40230555
You are lucky bastard since your PHP kept running and just the new auth module does not.
0
projectsAuthor Commented:
Sorry, not following here.
What is it that you believe I am missing? Why do you think I've been lucky? What do I need to install?
0
gheistCommented:
PHP client loads way too new SQL client library, which prevents system-supplied library from being used by mod_auth_mysql.
It is how you installed. If you install from SCL it keeps client libraries intact.
0
projectsAuthor Commented:
I'm a bit confused about this reply however.

>You can have one of two:
>PHP 5.4 using libmysqlclient.so.18
>XOR
>mod_auth_mysql
>using libmysqlclient.so.16

I'm running php 5.4 now and also have mod_auth_mysql enabled.
If I want to keep running php 5.4, then I need libmysqlclient.so.18?
otherwise? libmysqlclient.so.16?

Not sure what this means.

Also, I've never used SCL before but I have built multi version tools such as perl.
0
gheistCommented:
You have answer, just read carefully.
No matter how convincing and helpless you look, two incompatible versions of same library cannot be used inside same process.
0
projectsAuthor Commented:
>Convincing and helpless?

Uh???

Anyhow, I don't have ANY  libmysqlclient.so installed at this moment and as I mentioned above, (ID: 40532571) not quite sure what you are suggesting.
0
gheistCommented:
does not matter from which package it is installed,  you cannot load them both in same process as they export same function names.
rpm -qf /usr/lib/libmysqlclient.so.1[68]

Your options:
1) Isolate apache and php via mod_fcgid
2) Return PHP to system-provided version
3) drop the idea of auth_mysql
0
projectsAuthor Commented:
I have the devel and libs packages installed for mysql but have not found any libmysqlclient.so.x anywhere on the server.

# repoquery --whatprovides *libmysqlclient*
mysql-devel-0:5.1.73-3.el6_5.i686
compat-mysql51-devel-0:5.1.54-1.el6.remi.x86_64
mysql-devel-0:5.1.73-3.el6_5.x86_64
mysql-libs-0:5.1.73-3.el6_5.i686
mysql-devel-0:5.5.41-1.el6.remi.x86_64
mysql-devel-0:5.5.40-1.el6.remi.x86_64
mysql-libs-0:5.5.40-1.el6.remi.x86_64
compat-mysql51-0:5.1.54-1.el6.remi.x86_64
abi-compliance-checker-0:1.99.9-1.el6.noarch
mysql-libs-0:5.5.41-1.el6.remi.x86_64
mysql-libs-0:5.1.73-3.el6_5.x86_64

# repoquery -l mysql-libs-0:5.1.71-1.el6.x86_64 | head -9
# rpm -q mysql-libs
mysql-libs-5.5.40-1.el6.remi.x86_64
# rpm -q mysql-devel
mysql-devel-5.5.40-1.el6.remi.x86_64

In all the years I've been running RHEL/Centos, I've never seen anything like this;

# yum whatprovides libmysqlclient.so.18
Loaded plugins: fastestmirror, priorities, security
Loading mirror speeds from cached hostfile
epel/metalink                                                                                                                                                            |  14 kB     00:00
 * base: mirrors.cat.pdx.edu
 * epel: mirror.hmc.edu
 * extras: mirror.raystedman.net
 * remi: mirrors.mediatemple.net
 * updates: centos.mirrors.hoobly.com
epel                                                                                                                                                                     | 4.4 kB     00:00
epel/primary_db                                                                                                                                                          | 6.4 MB     00:00
Warning: 3.0.x versions of yum would erroneously match against filenames.
 You can use "*/libmysqlclient.so.18" and/or "*bin/libmysqlclient.so.18" to get that behaviour
No Matches found

What in the world does the Warning and solution mean? Can't seem to find anything on searches.
0
gheistCommented:
Please:
$ rpm -qf /usr/lib/libmysqlclient.so.1[68]
Which packages provide the conflicting versions?

I do not care if you have repositories configured AT ALL. Conflict is in installed files on your system. Leave repositories and YUM alone.
0
projectsAuthor Commented:
It's interesting how you are scolding me and telling me I am acting helpless. I've told you that this is something I've not experienced before. The one time I did, I was able to install and run two different perl versions on the server.

Other times, when I need to upgrade something, say php, there will often be conflicts between the centos installed files or updates and the extra repos to allow for newer versions. I've usually always been able to work through those but the way you are explaining things is simply confusing me more than giving me answers.

I simply need you to better explain what the problem is.

You say please run this... I did and the result was the following.

# rpm -qf /usr/lib/libmysqlclient.so.1[68]
error: file /usr/lib/libmysqlclient.so.1[68]: No such file or directory

I've never run a query using such an extension as [68] so I am not even sure if that is the right command. That is why I posted all of the other stuff, because typically more information is better than not enough information.

I haven't been playing with yum other than to try and find out if I could pull together the right files, possibly working through the dependencies, etc.
So, what next?
0
gheistCommented:
I meant...
rpm -qf /usr/lib64/mysql/libmysqlclient.so.1[86]
0
projectsAuthor Commented:
Ok then, here is the result

# rpm -qf /usr/lib64/mysql/libmysqlclient.so.1[86]
compat-mysql51-5.1.54-1.el6.remi.x86_64
mysql-libs-5.5.40-1.el6.remi.x86_64
0
gheistCommented:
Easiest to get dbd_mysql working is to split php from httpd using mod_fcgid. It will not work as it is with current software combination.
0
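The conflict diagnosed above (a MySQL 5.1 client, libmysqlclient.so.16, and a MySQL 5.5 client, libmysqlclient.so.18, ending up in the same httpd process) can be checked per module from `ldd` output. The following is an added example, not code from any participant in the thread; the function names, the module file names and the sample `ldd` lines are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: report which libmysqlclient sonames a set of shared objects
# link against and flag a mix of client versions in one process.

# Print the distinct libmysqlclient sonames found in ldd output on stdin.
# The thread-safe variant (libmysqlclient_r) is folded into the same name.
mysql_sonames() {
    grep -Eo 'libmysqlclient(_r)?\.so\.[0-9]+' | sed 's/_r\.so/.so/' | sort -u
}

# Turn real files into "label|ldd-line" records (only run ldd on trusted files).
ldd_records() {
    for f in "$@"; do
        ldd "$f" 2>/dev/null | sed "s|^|${f##*/}\||"
    done
}

# Read "label|ldd-line" records on stdin, print "label soname" pairs, and
# return 1 when more than one client library version is present overall.
check_conflict() {
    local pairs versions
    pairs=$(while IFS='|' read -r label line; do
        soname=$(printf '%s\n' "$line" | mysql_sonames)
        if [ -n "$soname" ]; then printf '%s %s\n' "$label" "$soname"; fi
    done | sort -u)
    printf '%s\n' "$pairs"
    versions=$(printf '%s\n' "$pairs" |
        awk 'NF { seen[$2] = 1 } END { n = 0; for (k in seen) n++; print n }')
    [ "$versions" -le 1 ]
}

# Constructed sample: a DBD MySQL driver built against the 5.1 client and a
# PHP MySQL extension built against the 5.5 client (file names are assumed).
SAMPLE_LDD='apr_dbd_mysql.so|  libmysqlclient_r.so.16 => /usr/lib64/mysql/libmysqlclient_r.so.16 (0x0)
apr_dbd_mysql.so|  libc.so.6 => /lib64/libc.so.6 (0x0)
mysql.so|  libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18 (0x0)
mysql.so|  libc.so.6 => /lib64/libc.so.6 (0x0)'

printf '%s\n' "$SAMPLE_LDD" | check_conflict ||
    echo "conflict: more than one libmysqlclient version would be loaded"
```

On a live host, pipe `ldd_records` with the paths of the Apache DBD driver and the PHP MySQL extensions into `check_conflict` instead of the sample.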
projectsAuthor Commented:
It could be a solution for someone but I'm not sure that this would work for me.
There are quite a number of connections and this would add yet another layer/load on apache.

It is a lead however but perhaps there is some other way of doing it. I'll look at the possibility of downgrading or upgrading everything so that all versions match better yet still run what I need.

At this point, can you tell me what is the end result that I am after.
Is it the mysql-libs which aren't compatible and if so, what am I trying to get to. And does mysql-libs give me the libmysqlclient that is not installed, which is what I am after?
0
gheistCommented:
You will unload PHP from all apache processes, so there will be just couple of PHP processes with high RAM use and small apache processes without modules.
0
gheistCommented:
You need to downgrade PHP to PHP 5.3 as included with system, then upgrade to SCL PHP54
Then PHP and dbd_mysql will use libmysqlclient16 aka MySQL 5.1 client.
If you can make a desktop virtualisation solution maybe it helps to sort out the process.
Maybe you just swap all files on the disk and get through with single apache restart.
Also it may reach dead end that some used php module is not available in SCL - so better try outside the system first.
Probably you need to add exclude=php\* to remi repository definition to prevent unwanted shifts to no good.
0

projectsAuthor Commented:
I've looked for solutions excluding remi as well. I can't downgrade because other apps need the newer php.
Guess my only option is to fire up another server and use it for this particular application.

Thanks for all the help. Hopefully, someone else can get something out of this question too :)
0
gheistCommented:
You have PHP 5.4 and SCL has PHP 5.4. What do you want to downgrade?
0
projectsAuthor Commented:
I meant that I could build another server using only generic Centos packages instead of using remi and others.

When I use additional repos, I simply call them up with yum otherwise, they are set to 0.

This seems to be the SCL solution you are suggesting.

http://blog.famillecollet.com/post/2012/11/20/PHP-5.4-as-Software-Collection
0
gheistCommented:
Not really
yum install centos-release-SCL
yum --enablerepo=scl list

More here:
http://wiki.centos.org/AdditionalResources/Repositories/SCL
0
projectsAuthor Commented:
Thanks for the better lead. I'll get on this in the next few weeks.
0
gheistCommented:
epel is one that adds packages (not replaces), jpackage is for you if you use java.
remi is dangerous as you see...
And why not jump on CentOS7 with the "good" versions in place for few years to come?
0
projectsAuthor Commented:
Yes, that is a good point. The problem is that the server in this case is sitting in a data center so it's all remote. Not sure I can upgrade from 6.6 to 7 safely remotely. I'll have to look into that.
0
gheistCommented:
It is "supported" though I'd make a good target practice before on desktop VMs if I was to do it.

I think as first iteration you can try
list php*remi packages
check if you can get respective php54*alt packages (SCL)
yum install --downloadonly last
yum remove first
yum install last
(remi may not keep config files after uninstall, so backup backup backup)
Once done you have PHP that uses PHP 5.1 client (libmysqlclient.16) and can work in apache that uses mod_dbd_mysql.

That saves mysql auth module until you have time to decide about update.

yum-utils includes nice yumdownloader, that can save exact set of installed PHP RPMs if you must revert
0
projectsAuthor Commented:
How interesting... I could actually delete all of the remi stuff now that 5.4 is available to centos.

# yum list installed | grep remi
compat-mysql51.x86_64               5.1.54-1.el6.remi                  @remi
mysql.x86_64                        5.5.40-1.el6.remi                  @remi
mysql-connector-python.noarch       1.1.6-1.el6.remi                   @remi
mysql-devel.x86_64                  5.5.40-1.el6.remi                  @remi
mysql-libs.x86_64                   5.5.40-1.el6.remi                  @remi
mysql-server.x86_64                 5.5.40-1.el6.remi                  @remi
mysql-utilities.noarch              1.3.6-1.el6.remi                   @remi
php.x86_64                          5.4.32-1.el6.remi                  @remi
php-bcmath.x86_64                   5.4.32-1.el6.remi                  @remi
php-channel-phpseclib.noarch        1.3-1.el6.remi                     @remi
php-cli.x86_64                      5.4.32-1.el6.remi                  @remi
php-common.x86_64                   5.4.32-1.el6.remi                  @remi
php-devel.x86_64                    5.4.32-1.el6.remi                  @remi
php-gd.x86_64                       5.4.32-1.el6.remi                  @remi
php-imap.x86_64                     5.4.32-1.el6.remi                  @remi
php-mbstring.x86_64                 5.4.32-1.el6.remi                  @remi
php-mcrypt.x86_64                   5.4.32-1.el6.remi                  @remi
php-mysql.x86_64                    5.4.32-1.el6.remi                  @remi
php-pdo.x86_64                      5.4.32-1.el6.remi                  @remi
php-pear.noarch                     1:1.9.5-3.el6.remi                 @remi
php-php-gettext.noarch              1.0.11-4.el6.remi                  @remi
php-phpseclib-crypt-aes.noarch      0.3.7-1.el6.remi                   @remi
php-phpseclib-crypt-base.noarch     0.3.7-1.el6.remi                   @remi
php-phpseclib-crypt-rijndael.noarch 0.3.7-1.el6.remi                   @remi
php-process.x86_64                  5.4.32-1.el6.remi                  @remi
php-recode.x86_64                   5.4.32-1.el6.remi                  @remi
php-soap.x86_64                     5.4.32-1.el6.remi                  @remi
php-tcpdf.noarch                    6.0.093-1.el6.remi                 @remi
php-tcpdf-dejavu-sans-fonts.noarch  6.0.093-1.el6.remi                 @remi
php-tidy.x86_64                     5.4.32-1.el6.remi                  @remi
php-xml.x86_64                      5.4.32-1.el6.remi                  @remi
phpMyAdmin.noarch                   4.2.8-1.el6.remi                   @remi
remi-release.noarch                 6.5-1.el6.remi                     installed

# yum info php
Loaded plugins: fastestmirror, priorities, security
Loading mirror speeds from cached hostfile
 * base: mirrors.easynews.com
 * extras: centos-distro.cavecreek.net
 * updates: repos.lax.quadranet.com
Installed Packages
Name        : php
Arch        : x86_64
Version     : 5.4.32
Release     : 1.el6.remi
Size        : 9.2 M
Repo        : installed
From repo   : remi
Summary     : PHP scripting language for creating dynamic web sites
URL         : http://www.php.net/
License     : PHP and Zend and BSD
Description : PHP is an HTML-embedded scripting language. PHP attempts to make it
            : easy for developers to write dynamically generated web pages. PHP also
            : offers built-in database integration for several commercial and
            : non-commercial database management systems, so writing a
            : database-enabled webpage with PHP is fairly simple. The most common
            : use of PHP coding is probably as a replacement for CGI scripts.
            :
            : The php package contains the module (often referred to as mod_php)
            : which adds support for the PHP language to Apache HTTP Server.

0
gheistCommented:
The remi package mysql51-compat provides enough for php mysql client to connect (though it is not a good practice to replace system packages as done by remi), but it will suffice for us.

Please review if you really depend on missing packages. If not just jump....

That yields required package list:
php54-php
php54-php-bcmath
php54-php-channel-phpseclib
php54-php-cli
php54-php-common
php54-php-devel
php54-php-gd
php54-php-imap
php54-php-mbstring
php54-php-mcrypt
php54-php-mysql
php54-php-pdo
php54-php-pear
php54-php-php-gettext
php54-php-phpseclib-crypt-aes
php54-php-phpseclib-crypt-base
php54-php-phpseclib-crypt-rijndael
php54-php-process
php54-php-recode
php54-php-soap
php54-php-tcpdf
php54-php-tcpdf-dejavu-sans-fonts
php54-php-tidy
php54-php-xml

On a clean Centos 6.6 installed from minimal iso:
No package php54-php-channel-phpseclib available.
No package php54-php-mcrypt available.
No package php54-php-php-gettext available.
No package php54-php-phpseclib-crypt-aes available.
No package php54-php-phpseclib-crypt-base available.
No package php54-php-phpseclib-crypt-rijndael available.
No package php54-php-tcpdf available.
No package php54-php-tcpdf-dejavu-sans-fonts available.

...
9.3M to download.

Rijndael is working name before it became AES...
Me no clue what is the rest.
0
projectsAuthor Commented:
Thanks for all the info, I will refer back to this question once I am able to work on this.
0
Question has a verified solution.