Solved

Apache 2.2 authn_dbd MySQL centos

Posted on 2014-11-22
71
487 Views
Last Modified: 2015-01-16
Seem using authn_dbd MySQL is somewhat new and searching the net only finds lots and lots of people having problems or overly complicated documents on how to set things up.

I'll give the experts a shot and see if someone would be kind enough to walk me through this and help me get this working on Centos 6.5.

Currently, I am using htaccess and htpasswd to authenticate connections to a web site. I already have a MySQL table called htaccess where my username/password are being stored. This is generated by another application and I then run a bash script to extract the credentials now and then, rebuilding my .htpasswd file.

Now, I'd like to stop using the .htpasswd file and use the database directly for authentication.

I have both mod_authn_dbd.so and mod_dbd.so enabled and am ready to do the steps needed to convert from .htpasswd to db.

The server is Centos 6.5.
mysql-5.5.40
httpd-2.2.15

Help!
0
Comment
Question by:projects
  • 34
  • 21
  • 15
71 Comments
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
I'm assuming you could not run manual updates (e.g., look at the contents of the .htpasswd file and make SQL inserts).  In any case the target database in the mysql database is mysql.user.  You could write  a Perl script to automatically put the username/password combinations into mysql.user from the .htpasswd file.  The mysql.user table does authentication.

For more information on this table, read this: http://dev.mysql.com/doc/refman/5.1/en/adding-users.html
0
 

Author Comment

by:projects
Comment Utility
I already have my users and passwords in mysql. What I am wanting to do is to set up apache to use that databate table to authenticate users instead of an .htpasswd file.
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
You need to install the Apache Portable Runtime module to permit MySQL database authentication.  The one you need is named mod_authn_dbd.

On the apache server, go to the Linux prompt and try this:
$ sudo apt-get install libaprutil1-dbd-mysql

Open in new window


If you get a message like “DBD: Can’t load driver file apr_dbd_mysql.so” then this is what you need to do – don’t believe the articles that tell you you need to recompile APR

(The above command and above quote were taken from this site: https://alimanfoo.wordpress.com/2010/11/17/apache-authentication-and-mysql/
CentOS may require a different command in your environment however.  The article above is for Ubuntu.)

To learn about the module that enables you to bypass the .htpasswd file, go here:
http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html

You may need to use a special Apache encryption on the table that has the usernames and passwords (as opposed to a default encryption method):
http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

Remember to use best practices with security.  You may want to put the Apache server in a DMZ and the database server behind a firewall.  You may want to use Security Enhanced Linux, disable services you don't need (e.g., cron, ICMP, etc.)  You may want to enable IP tables and make sure everything is patched.  I recommend using an IDS that is a separate appliance from a firewall.
0
 

Author Comment

by:projects
Comment Utility
Yes, I have the proper modules loaded.
I have iptables enabled of course but not sure what you mean by patched? Do you just mean Centos being fully updated?

The link you sent me;
http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html

seems to imply that all I need is some directives and no more need for .htaccess?
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
I don't think you'll need .htaccess.  The MySQL database will do the authentication.

I have iptables enabled of course but not sure what you mean by patched? Do you just mean Centos being fully updated?

Yes, I mean update CentOS regularly.

Did you install the DBD module?
0
 

Author Comment

by:projects
Comment Utility
Yes, it's installed. Yes, Centos is always updated.

My hope was to be walked through this because reading endless documents is simply more confusing than having someone help you one step at a time.
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
Every environment is different.  The starting point and goal are also different.  Using a MySQL database is great for busy web servers handling large numbers of authentications.  (Flat files with Apache aren't as efficient as utilizing a database for authentication.)

While I know you don't want to read endless documents, your goal is fairly ambitious.  I think this URL may help: http://bignosebird.com/notebook/mysqlauth.shtml

I am still willing to answer specific questions if that document above doesn't help.  Good luck with what you decide.  I wish I could have done more from the beginning.
0
 

Author Comment

by:projects
Comment Utility
Ambitious? The user names and the passwords are already in mysql. All I need to know is how to set up apache to use that. It's already working using .htaccess and .htpasswd. Why do you think this is ambitious?

Currently, I am generating an .htpasswd file by looking up the data in that table and regenerating a new .htpasswd. However, at some point, this will not be very efficient so would like to change .htpasswd to mysql lookup instead.
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
Is your httpd.conf file configured to use MySQL?

This stanza should appear:
Auth_MySQL_Info coolServer mike coolPassword

Where coolServer is the name of your server.  Where mike is a user that has access to the authentication table in the MySQL database and coolPassword is mike's password for the MySQL table.
0
 

Author Comment

by:projects
Comment Utility
And how do I test this?
I mean, where do I see or test for this stanza?
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
You won't see it in the httpd.conf file.  Make a backup of the file.  Then you should insert that stanza into httpd.conf (usually in /etc/httpd/conf/).  (Naturally it needs to be modified as I used coolServer, mike, and coolPassword.) It should not be: 1) the last line in the file.  2) in the virtualhost section of this file. 3) in the directory section of this file.

I would try relatively high in the httpd.conf file.  But remember the three requirements above.  If you wanted a blended authentication (with some htaccess files), that may be possible.  But then the placement of this stanza becomes even more critical.

To test it, you could try stopping and restarting Apache services.  I would try a couple different places if the first attempt doesn't work.
0
 

Author Comment

by:projects
Comment Utility
I see no mention of the actual database however so apache would not know which db to use?

Looks like this also needs to be added
Auth_MySQL_General_DB database_name

BUT, that leads to an error.

Starting httpd: Syntax error on line 27 of /etc/httpd/conf/httpd.conf:
Invalid command 'Auth_MySQL_Info', perhaps misspelled or defined by a module not included in the server configuration


I would really prefer to use .htaccess for this instead of changing httpd.conf however.
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
You can use .htaccess instead of httpd.conf.  I am less familiar with this method.

Please find a spot that looks good in the .htaccess file for this:

AuthName "MySQL Testing"
 AuthType Basic
 AuthMySQLHost nameOfServerHostingMySQLDB
 AuthMySQLDB nameOfMySQLDB
 AuthMySQLUserTable mysql_user
 AuthMySQLEnable On
 require valid-user

Open in new window


The AuthName value is arbitrary and should be descriptive.  It is the name of a "realm."  This directive (or realm assignment) can enhance debugging (e.g., in logs or at runtime) by providing context.
0
 

Author Comment

by:projects
Comment Utility
Wait now, so I don't mess something up.
You are saying remove the items I put into httpd.conf and put these in .htaccess instead?
Now, I see I can now add the db name but where do I enter the rest of the credentials?
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
You are saying remove the items I put into httpd.conf and put these in .htaccess instead?

Actually I would remove them but NOT put them in htaccess.

Now, I see I can now add the db name but where do I enter the rest of the credentials?

The credentials that the users will enter?  The credentials that will presumably be used to validate the user/password attempt from the web page?

If you were asking the latter question, add these stanzas:
   AuthMySQLUser nonRootUser
   AuthMySQLPassword  thePasswordForAboveUser

Open in new window


nonRootUser is the user name of a database account that has select (read) permissions on the mysql_user table.  thePasswordForAbover user is the password for this account.  Don't use the root user.

I should have included the above code stanzas in the last response.  I recommend you read this link if you have additional questions: http://modauthmysql.sourceforge.net/CONFIGURE
0
 

Author Comment

by:projects
Comment Utility
Sorry, totally confused now :).

You said not in httpd but also not in .htaccess so where then?
The stanza you first showed didn't contain the database name.
Everything I find on the net is nothing but confusing because everyone is telling everyone else to use directives which are too often different in each reply. I've tried many combinations in the replies that I've read and nothing has worked.

My question is simply trying to figure out where to put the correct directives for apache to know to look up the user credentials in the right database and table.

The users/passwords are all in a table so all I need to do is tell apache what it's allowed credentials are to connect to the database and authenticate the user, one of many in that table.
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
Sorry once again.  For this quote, let me make a correction.

Actually I would remove them but NOT put them in htaccess.

Do remove them from httpd.conf.  Do put them into .htaccess.

Have you tried putting these in .htaccess?  (Naturally some of the values are symbolic and you'd have to change the nonRootUser and thePasswordForAboveUser.

 AuthName "MySQL Testing"
 AuthType Basic
 AuthMySQLHost nameOfServerHostingMySQLDB
 AuthMySQLDB nameOfMySQLDB
 AuthMySQLUserTable mysql_user
 AuthMySQLEnable On
 AuthMySQLUser nonRootUser
 AuthMySQLPassword  thePasswordForAboveUser
 require valid-user

Open in new window


What happens when you try to access the web page?  Is there a place to enter credentials (that will be validated against the mysql_user table)?  I'd like to know the error message (if any) or the undesired behavior.
0
 

Author Comment

by:projects
Comment Utility
I'm sorry, things got confusing again. Earlier, you said I could do it all in htaccess but just above you said NO, don't remove the stanza from the httpd.conf file.

If you can confirm the steps, I'll make sure they are done.

1: add or don't add the following in httpd.conf;
Auth_MySQL_Info localhost dbuser dbpassword
Auth_MySQL_General_DB database_name

2: add this into .htaccess for the directory I want to protect

 AuthName "MySQL Testing"
 AuthType Basic
 AuthMySQLHost nameOfServerHostingMySQLDB
 AuthMySQLDB nameOfMySQLDB
 AuthMySQLUserTable mysql_user
 AuthMySQLEnable On
 AuthMySQLUser nonRootUser
 AuthMySQLPassword  thePasswordForAboveUser
 require valid-user


So, what is not clear is where I am actually putting the db credentials because I am almost sure they aren't needed in both the httpd.conf and the .htaccess file.

The authentication simply needs to look at the database table which contains all of the username/password details for the allowed users.
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
1: add or don't add the following in httpd.conf;
Auth_MySQL_Info localhost dbuser dbpassword
Auth_MySQL_General_DB database_name


Don't add.


2: add this into .htaccess for the directory I want to protect

 AuthName "MySQL Testing"
 AuthType Basic
 AuthMySQLHost nameOfServerHostingMySQLDB
 AuthMySQLDB nameOfMySQLDB
 AuthMySQLUserTable mysql_user
 AuthMySQLEnable On
 AuthMySQLUser nonRootUser
 AuthMySQLPassword  thePasswordForAboveUser
 require valid-user

Yes, add it.

So, what is not clear is where I am actually putting the db credentials because I am almost sure they aren't needed in both the httpd.conf and the .htaccess file.

They are NOT needed in the httpd.conf file.  They are needed in the .htaccess file.
0
 

Author Comment

by:projects
Comment Utility
Ok, so, nothing in httpd.conf.

I've created a /test directory and put the new .htaccess file in there.
Without it, I simply get a directory listing and with it, I get prompted.

The username/password are in the db table I've specified but after I enter the credentials, the credentials pop up simply keeps popping up.

Note that the passwords in the DB are not encrypted, perhaps that is why?
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
Can you create a MySQL connection with the username and password that were hardcoded in the .htaccess file?  If you cannot, that is the problem.  This username and password should be possible to log into the database directly (without a web page).  The username and password should be able to access at minimum the table with the user credentials. This table will have the username and password pairs that will ultimately give access to the folder (web page) you want to protect.

There are different ways of connecting to a MySQL database (e.g., from the command prompt or from a SQL front end like TOAD).
0
 

Author Comment

by:projects
Comment Utility
Yes, I use the same credentials for other things as well locally on the system.
Just tested from the command line to make sure something odd wasn't in the mix and I got in fine.
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
When access it via the web page, do you get locked out after 5 attempts?  Can you set the maximum attempts to something like 3 or 5, then try to lock yourself out.  Please tell me if you get locked out (e.g., with an error or some form of proof in the database table).  I'm not sure how far those credentials are getting in the authentication process.

Now that we know the credentials work, can you get into the MySQL database with those credentials via a SQL front end application (e.g., TOAD, SQL Golden etc.).  Maybe there is some network or security issue preventing the remote authentication.
0
 

Author Comment

by:projects
Comment Utility
Yes, those same credentials are being used by another application at all times which is also how I know it's working.

Also, I have a script I use to read the database for certain things in that same table so also know it's working because of this.

Tried it some seven times and never locked me out.
I don't have any lock out setting. What should I add to test again?

I put the .htaccess directly into the directory I am testing and not at the top of the site.
Mainly because I don't want to disrupt anything else that is going on, on this site.
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
Can you start the mysqld process with the debug option?

http://dev.mysql.com/doc/refman/4.1/en/server-options.html#option_mysqld_debug

If you can do this, then try to log in several times. There should be debugging information.  If the username or password don't work, that would help us.  If the debugging trace only shows connections done on the server, and not the failed attempts from the web page, that would help us isolate the problem (as the credentials may not even be getting to the mysql.user table).
0
 

Author Comment

by:projects
Comment Utility
I do see this in the logs;

MySQL ERROR: Unknown column 'user_password' in 'field list': /test/
MySQL user xxxxx not found: /test/

I have my test .htaccess file in the /test directory. I've not idea why there is this error. There is no mention of 'user_password' anywhere. The file has the proper credentials, database and table configured.
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
I am not 100% sure that the message pertains to the user credentials being entered on the website or the authentication of the file itself to the MySQL database and mysql_user table.

What are the names of the usernames and passwords columns in mysql_user table?

Can you restart the MySQL database and try again for good measure?  Please restart apache webservices too.

Can you search the .htaccess file for the user_password?  Was it something that you may have added earlier or separately?
0
 

Author Comment

by:projects
Comment Utility
Rather confusing no? This should work?

The file contains;

AuthName "No Logging"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLDB dbname
AuthMySQLUserTable htaccess
AuthMySQLEnable On
AuthMySQLUser xxxx
AuthMySQLPassword xxxx
require valid-user

The htaccess table has only two fields, username and password

I restarted mysql, no difference.

Tested again;

MySQL ERROR: Unknown column 'user_password' in 'field list': /test/
MySQL user testuser not found: /test/

I was thinking... can I change any line/s in this to test if my .htpasswd file would work?
0
 
LVL 7

Expert Comment

by:Phil Davidson
Comment Utility
can I change any line/s in this to test if my .htpasswd file would work?

Make a backup.  Then yes, test away.  This is I.T., so please don't give up.  After you back it up, you may want to delete it.  It should be a collection of username and password pairs. But the password won't be recongnizable.  If you can delete it, you may eliminate problems.  I'll be honest, it may be necessary.  So please keep the backup.

What are the names of the usernames and passwords columns in mysql_user table called?  Do you refer to htaccess and mysql_user interchangably to describe this table?  The configuration above is expecting the MySQL name to be htaccess.  It also expects the database to be on the web server itself.  I'm assuming you used "dbname" in the posting above as a placeholder (otherwise the database name must be dbname for the configuration file to work).

Does the web server have the MySQL database on it?  The file is configured that way.  It is ok to not use a multi-tiered configuration (with a separate MySQL database server and a separate web server).  I just want to double check.

For future reference I place three links that could help us fix this problem:

This URL has a good section called "Using a MySQL database for Apache Authentication":
http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html

If you cannot find help with that page, please check this one too: http://www.widexl.com/tutorials/htaccess.html

A more thorough resource: http://httpd.apache.org/docs/current/howto/auth.html
0
 

Author Comment

by:projects
Comment Utility
>Make a backup

Yes, I always have backups :).

>After you back it up, you may want to delete it.  It should be a collection of username and password >pairs. But the password won't be recongnizable.  If you can delete it, you may eliminate problems.

What I meant was, change some lines in the htaccess in order to test that it works using the .htpasswd file I am already using with other connections until I can get this working.

>What are the names of the usernames and passwords columns in mysql_user table called?  
>Do you refer to htaccess and mysql_user interchangably to describe this table?

As mentioned above...

Table htaccess in database xxx
Select all. | Invert selection.
    	Field name    	Type    	Allow nulls?    	Key    	Default value    	Extras   
	username 	varchar(45) 	No 	Primary 	NULL 	
	password 	char(45) 	No 	None 	NULL

Open in new window


>It also expects the database to be on the web server itself.

Yes, the database is on the local server.  

>I'm assuming you used "dbname" in the posting above as a placeholder

Yes, of course :).

>Does the web server have the MySQL database on it?

Yes, of course :).

>It is ok to not use a multi-tiered configuration (with a separate MySQL database server and a
>separate web server).  I just want to double check.

Yes, on occasion, I have to do that, use multiple external MySQL servers with one or more applications. This happens but in this case, it's nice and simple, a test setup using simple field names to get this working.

>For future reference I place three links that could help us fix this problem:

I have read until my eyes could bleed and is why I have posted this question for help.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Yes, CentOS is updated, but not within last 12 months, at least version number says so...
How did you get mysql 5.5.40 if default is 5.1?
0
 

Author Comment

by:projects
Comment Utility
I always use remi/epel repos when I need to run newer versions of la,p related things.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
rpm -ql | grep ^php

yum info XXXX (where XXXX is php- the one you have instaled)
I just need repository...

It should not load different mysql client library than apache (libmyslqclient*) - please check that you have one only.
0
 

Author Comment

by:projects
Comment Utility
Installed Packages
Name        : php
Arch        : x86_64
Version     : 5.4.32
Release     : 1.el6.remi
Size        : 9.2 M
Repo        : installed
From repo   : remi
Summary     : PHP scripting language for creating dynamic web sites
URL         : http://www.php.net/
License     : PHP and Zend and BSD
Description : PHP is an HTML-embedded scripting language. PHP attempts to make it
            : easy for developers to write dynamically generated web pages. PHP also
            : offers built-in database integration for several commercial and
            : non-commercial database management systems, so writing a
            : database-enabled webpage with PHP is fairly simple. The most common
            : use of PHP coding is probably as a replacement for CGI scripts.
            :
            : The php package contains the module (often referred to as mod_php)
            : which adds support for the PHP language to Apache HTTP Server.

Installed Packages
Name        : mysql
Arch        : x86_64
Version     : 5.5.40
Release     : 1.el6.remi
Size        : 29 M
Repo        : installed
From repo   : remi
Summary     : MySQL client programs and shared libraries
URL         : http://www.mysql.com
License     : GPLv2 with exceptions and LGPLv2 and BSD
Description : MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
            : client/server implementation consisting of a server daemon (mysqld)
            : and many different client programs and libraries. The base package
            : contains the standard MySQL client programs and generic MySQL files.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
libmysqlclient* ?
Now guess which php modules are active and verify that it's all mysql modules load exactly same mysql libraries as apache mysql module.

it is not easy but http://wiki.centos.org/AdditionalResources/Repositories/SCL you can get same with centos
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:projects
Comment Utility
Nothing what so ever for libmysqlclient. Don't ever recall needing that for LAMP setups.
php-mysql 5.4.32-1.el6.remi
mysql 5.5.40-1.el6.remi

All that's needed for php/mysql access however is mysql, the client and php-mysql which are both installed.

Not quite sure what you are asking for but, I also have the following installed. Remember that I also have a number of web sites running on this server so have all standard LAMP things installed too.

Are you asking me to list all php loaded modules?

core prefork http_core mod_so mod_auth_basic mod_authn_dbd mod_dbd mod_auth_digest mod_authn_file mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default mod_authz_host mod_authz_user mod_authz_owner mod_authz_groupfile mod_authz_dbm mod_authz_default util_ldap mod_authnz_ldap mod_include mod_log_config mod_logio mod_env mod_ext_filter mod_mime_magic mod_expires mod_deflate mod_headers mod_usertrack mod_setenvif mod_mime mod_dav mod_status mod_autoindex mod_info mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_actions mod_speling mod_userdir mod_alias mod_substitute mod_rewrite mod_proxy mod_proxy_balancer mod_proxy_ftp mod_proxy_http mod_proxy_ajp mod_proxy_connect mod_cache mod_suexec mod_disk_cache mod_cgi mod_version mod_auth_mysql mod_php5 mod_ssl
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Are all mysql clients loaded inside same apache process linked to same libmysqlclient.so.XXX library?

ldd /usr/lib64/httpd/modules/mod_auth_mysql.so
ldd /usr/lib64/php/moduls/mysql.so
ldd /usr/lib64/php/moduls/mysqli.so
0
 

Author Comment

by:projects
Comment Utility
# ldd /usr/lib64/httpd/modules/mod_auth_mysql.so
        linux-vdso.so.1 =>  (0x00007fff3770b000)
        libmysqlclient.so.16 => /usr/lib64/mysql/libmysqlclient.so.16 (0x00007fe59c4ef000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fe59c15b000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fe59bf3d000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fe59bd06000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x00007fe59baed000)
        libm.so.6 => /lib64/libm.so.6 (0x00007fe59b868000)
        libz.so.1 => /lib64/libz.so.1 (0x00007fe59b652000)
        /lib64/ld-linux-x86-64.so.2 (0x000000393cc00000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007fe59b3d9000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fe59b1d4000)
You have new mail in /var/spool/mail/root
# ldd /usr/lib64/php/moduls/mysql.so
ldd: /usr/lib64/php/moduls/mysql.so: No such file or directory
# ldd /usr/lib64/php/moduls/mysqli.so
ldd: /usr/lib64/php/moduls/mysqli.so: No such file or directory
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
modulEs i meant
0
 

Author Comment

by:projects
Comment Utility
Sorry, not sure what you want?
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
ldd /usr/lib64/php/modules/mysqli.so
ldd /usr/lib64/php/modules/mysql.so
0
 

Author Comment

by:projects
Comment Utility
# ldd /usr/lib64/php/modules/mysqli.so
        linux-vdso.so.1 =>  (0x00007fff41398000)
        libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18 (0x00007fd3adc6d000)
        libz.so.1 => /lib64/libz.so.1 (0x00007fd3ada57000)
        libm.so.6 => /lib64/libm.so.6 (0x00007fd3ad7d2000)
        librt.so.1 => /lib64/librt.so.1 (0x00007fd3ad5ca000)
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fd3ad35e000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fd3acf7a000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fd3acd76000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fd3ac9e2000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fd3ac7c4000)
        libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007fd3ac4be000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fd3ac2a8000)
        /lib64/ld-linux-x86-64.so.2 (0x000000393cc00000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fd3ac063000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fd3abd7d000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fd3abb79000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fd3ab94c000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fd3ab741000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fd3ab53d000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fd3ab323000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fd3ab104000)

# ldd /usr/lib64/php/modules/mysql.so
        linux-vdso.so.1 =>  (0x00007fff4a3ff000)
        libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18 (0x00007f4ebd3f8000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f4ebd064000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4ebce46000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f4ebcc30000)
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f4ebc9c4000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f4ebc5e0000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f4ebc3dc000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f4ebc1d4000)
        libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007f4ebbecd000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f4ebbc49000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f4ebba33000)
        /lib64/ld-linux-x86-64.so.2 (0x000000393cc00000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f4ebb7ee000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f4ebb508000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f4ebb304000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f4ebb0d7000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f4ebaecc000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f4ebacc8000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f4ebaaae000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f4eba88f000)
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
You can have one of two:
PHP 5.4 using libmysqlclient.so.18
XOR
mod_auth_mysql
using libmysqlclient.so.16
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
There is a chance to isolate them, but you must translate from suse to redhat yourself:
http://www.experts-exchange.com/OS/Linux/Q_28483323.html#a40230555
You are lucky bastard since your PHP kept running and just the new auth module does not.
0
 

Author Comment

by:projects
Comment Utility
Sorry, not following here.
What is it that you believe I am missing? Why do you think I've been lucky? What do I need to install?
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
PHP client loads way too new SQL client library, which prevents system-supplied library from being used by mod_auth_mysql.
It is how you installed. If you install from SCL it keeps client libraries intact.
0
 

Author Comment

by:projects
Comment Utility
I'm a bit confused about this reply however.

>You can have one of two:
>PHP 5.4 using libmysqlclient.so.18
>XOR
>mod_auth_mysql
>using libmysqlclient.so.16

I'm running php 5.4 now and also have mod_auth_mysql enabled.
If I want to keep running php 5.4, then I need libmysqlclient.so.18?
otherwise? libmysqlclient.so.16?

Not sure what this means.

Also, I've never used SCL before but I have built multi version tools such as perl.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
You have answer, just read carefully.
No matter how convincing and helpless you look, two incompatible versions of same library cannot be used inside same process.
0
 

Author Comment

by:projects
Comment Utility
>Convincing and helpless?

Uh???

Anyhow, I don't have ANY  libmysqlclient.so installed at this moment and as I mentioned above, (ID: 40532571) not quite sure what you are suggesting.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
does not matter from which package it is installed,  you cannot load them both in same process as they export same function names.
rpm -qf /usr/lib/libmysqlclient.so.1[68]

Your options:
1) Isolate apache and php via mod_fcgid
2) Return PHP to system-povided version
3) drop the idea of auth_mysql
0
 

Author Comment

by:projects
Comment Utility
I have the devel and libs packages installed for mysql but have not found any libmysqlclient.so.x anywhere on the server.

# repoquery --whatprovides *libmysqlclient*
mysql-devel-0:5.1.73-3.el6_5.i686
compat-mysql51-devel-0:5.1.54-1.el6.remi.x86_64
mysql-devel-0:5.1.73-3.el6_5.x86_64
mysql-libs-0:5.1.73-3.el6_5.i686
mysql-devel-0:5.5.41-1.el6.remi.x86_64
mysql-devel-0:5.5.40-1.el6.remi.x86_64
mysql-libs-0:5.5.40-1.el6.remi.x86_64
compat-mysql51-0:5.1.54-1.el6.remi.x86_64
abi-compliance-checker-0:1.99.9-1.el6.noarch
mysql-libs-0:5.5.41-1.el6.remi.x86_64
mysql-libs-0:5.1.73-3.el6_5.x86_64

# repoquery -l mysql-libs-0:5.1.71-1.el6.x86_64 | head -9
# rpm -q mysql-libs
mysql-libs-5.5.40-1.el6.remi.x86_64
# rpm -q mysql-devel
mysql-devel-5.5.40-1.el6.remi.x86_64

In all the years I've been running RHEL/Centos, I've never seen anything like this;

# yum whatprovides libmysqlclient.so.18
Loaded plugins: fastestmirror, priorities, security
Loading mirror speeds from cached hostfile
epel/metalink                                                                                                                                                            |  14 kB     00:00
 * base: mirrors.cat.pdx.edu
 * epel: mirror.hmc.edu
 * extras: mirror.raystedman.net
 * remi: mirrors.mediatemple.net
 * updates: centos.mirrors.hoobly.com
epel                                                                                                                                                                     | 4.4 kB     00:00
epel/primary_db                                                                                                                                                          | 6.4 MB     00:00
Warning: 3.0.x versions of yum would erroneously match against filenames.
 You can use "*/libmysqlclient.so.18" and/or "*bin/libmysqlclient.so.18" to get that behaviour
No Matches found

Open in new window

What in the world does the Warning and solution mean? Can't seem to find anything on searches.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Please:
$ rpm -qf /usr/lib/libmysqlclient.so.1[68]
Which packages provide the conflicting versions?

I do not care if you have repositories configured AT ALL. Conflict is in installed files on your system. Leave repositories and YUM alone.
0
 

Author Comment

by:projects
Comment Utility
It's interesting how you are scolding me and telling me I am acting helpless. I've told you that this is something I've not experienced before. The one time I did, I was able to install and run two different perl versions on the server.

Other times, when I need to upgrade something, say php, there will often be conflicts between the centos installed files or updates and the extra repos to allow for newer versions. I've usually always been able to work through those but the way you are explaining things is simply confusing me more than giving me answers.

I simply need you to better explain what the problem is.

You say please run this... I did and the result was the following.

# rpm -qf /usr/lib/libmysqlclient.so.1[68]
error: file /usr/lib/libmysqlclient.so.1[68]: No such file or directory

I've never run a query using such an extension as [68] so I am not even sure if that is the right command. That is why I posted all of the other stuff, because typically more information is better than not enough information.

I haven't been playing with yum other than to try and find out if I could pull together the right files, possibly working through the dependencies, etc.
So, what next?
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
I meant...
rpm -qf /usr/lib64/mysql/libmysqlclient.so.1[86]
0
 

Author Comment

by:projects
Comment Utility
Ok then, here is the result

# rpm -qf /usr/lib64/mysql/libmysqlclient.so.1[86]
compat-mysql51-5.1.54-1.el6.remi.x86_64
mysql-libs-5.5.40-1.el6.remi.x86_64
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Easiest to get dbd_mysql working is to split php from httpd using mod_fcgid. It will not work as it is with current software combination.
0
 

Author Comment

by:projects
Comment Utility
It could be a solution for someone but I'm not sure that this would work for me.
There are quite a number of connections and this would add yet another layer/load on apache.

It is a lead however but perhaps there is some other way of doing it. I'll look at the possibility of downgrading or upgrading everything so that all versions match better yet still run what I need.

At this point, can you tell me what is the end result that I am after.
Is it the mysql-libs which aren't compatible and if so, what am I trying to get to. And does mysql-libs give me the libmysqlclient that is not installed, which is what I am after?
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
You will unload PHP from all apache processes, so there will be just couple of PHP processes with high RAM use and small apache processes without modules.
0
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
Comment Utility
You need to downgrade PHP to PHP 5.3 as included with system, then upgrade to SCL PHP54
Then PHP and dbd_mysql qill use libmysqlclient16 aka MySQL 5.1 client.
If you can make a desktop virtualisation solution maybe it helps to sort out the process.
Maybe you just swap all files on the disk and get through with single apache restart.
Also ir may reach dead end that some used php module is not available in SCL - so better try outside the system first.
Probably you need to add exclude=php\* to remi repository definiton to prevent unvanted shifts to no good.
0
 

Author Comment

by:projects
Comment Utility
I've looked for solutions excluding remi as well. I can't downgrade because other apps need the newer php.
Guess my only option is to fire up another server and use it for this particular application.

Thanks for all the help. Hopefully, someone else can get something out of this question too :)
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
You have PHP 5.4 and SCL has PHP 5.4. What do you want to downgrade?
0
 

Author Comment

by:projects
Comment Utility
I meant that I could build another server using only generic Centos packages instead of using remi and others.

When I use additional repos, I simply call them up with yum otherwise, they are set to 0.

This seems to be the SCL solution you are suggesting.

http://blog.famillecollet.com/post/2012/11/20/PHP-5.4-as-Software-Collection
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Not really
yum install centos-release-SCL
yum --enablerepo=scl list

More here:
http://wiki.centos.org/AdditionalResources/Repositories/SCL
0
 

Author Comment

by:projects
Comment Utility
Thanks for the better lead. I'll get on this in the next few weeks.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
epel is one that adds packages (not replaces), jpackage is for you if you use java.
remi is dangerous as you see...
And why not jump on CentOS7 with the "good" versions in place for few years to come?
0
 

Author Comment

by:projects
Comment Utility
Yes, that is a good point. The problem is that the server in this case is sitting in a data center so it's all remote. Not sure I can upgrade from 6.6 to 7 safely remotely. I'll have to look into that.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
It is "supported" though i'd make a good target practice before on desktop VMs if I was to do it.

I think as first iteration you can try
list php*remi packages
check if you can get respective php54*alt packages (SCL)
yum install --downloadonly last
yum remove first
yum install last
(remi may not keep config files after uninstall, so backup backup backp)
Once done you have PHP that uses PHP 5.1 client (libmysqlclient.16) and can work in apache that uses mod_dbd_mysql.

That saves mysql auth module until you have time to decide about update.

yum-utils includes nice yumdownloader, that can save exact set of installed PHP RPMs if you must revert
0
 

Author Comment

by:projects
Comment Utility
How interesting... I could actually delete all of the remi stuff now that 5.4 is available to centos.

# yum list installed | grep remi
compat-mysql51.x86_64               5.1.54-1.el6.remi                  @remi
mysql.x86_64                        5.5.40-1.el6.remi                  @remi
mysql-connector-python.noarch       1.1.6-1.el6.remi                   @remi
mysql-devel.x86_64                  5.5.40-1.el6.remi                  @remi
mysql-libs.x86_64                   5.5.40-1.el6.remi                  @remi
mysql-server.x86_64                 5.5.40-1.el6.remi                  @remi
mysql-utilities.noarch              1.3.6-1.el6.remi                   @remi
php.x86_64                          5.4.32-1.el6.remi                  @remi
php-bcmath.x86_64                   5.4.32-1.el6.remi                  @remi
php-channel-phpseclib.noarch        1.3-1.el6.remi                     @remi
php-cli.x86_64                      5.4.32-1.el6.remi                  @remi
php-common.x86_64                   5.4.32-1.el6.remi                  @remi
php-devel.x86_64                    5.4.32-1.el6.remi                  @remi
php-gd.x86_64                       5.4.32-1.el6.remi                  @remi
php-imap.x86_64                     5.4.32-1.el6.remi                  @remi
php-mbstring.x86_64                 5.4.32-1.el6.remi                  @remi
php-mcrypt.x86_64                   5.4.32-1.el6.remi                  @remi
php-mysql.x86_64                    5.4.32-1.el6.remi                  @remi
php-pdo.x86_64                      5.4.32-1.el6.remi                  @remi
php-pear.noarch                     1:1.9.5-3.el6.remi                 @remi
php-php-gettext.noarch              1.0.11-4.el6.remi                  @remi
php-phpseclib-crypt-aes.noarch      0.3.7-1.el6.remi                   @remi
php-phpseclib-crypt-base.noarch     0.3.7-1.el6.remi                   @remi
php-phpseclib-crypt-rijndael.noarch 0.3.7-1.el6.remi                   @remi
php-process.x86_64                  5.4.32-1.el6.remi                  @remi
php-recode.x86_64                   5.4.32-1.el6.remi                  @remi
php-soap.x86_64                     5.4.32-1.el6.remi                  @remi
php-tcpdf.noarch                    6.0.093-1.el6.remi                 @remi
php-tcpdf-dejavu-sans-fonts.noarch  6.0.093-1.el6.remi                 @remi
php-tidy.x86_64                     5.4.32-1.el6.remi                  @remi
php-xml.x86_64                      5.4.32-1.el6.remi                  @remi
phpMyAdmin.noarch                   4.2.8-1.el6.remi                   @remi
remi-release.noarch                 6.5-1.el6.remi                     installed

Open in new window


]# yum info php
Loaded plugins: fastestmirror, priorities, security
Loading mirror speeds from cached hostfile
 * base: mirrors.easynews.com
 * extras: centos-distro.cavecreek.net
 * updates: repos.lax.quadranet.com
Installed Packages
Name        : php
Arch        : x86_64
Version     : 5.4.32
Release     : 1.el6.remi
Size        : 9.2 M
Repo        : installed
From repo   : remi
Summary     : PHP scripting language for creating dynamic web sites
URL         : http://www.php.net/
License     : PHP and Zend and BSD
Description : PHP is an HTML-embedded scripting language. PHP attempts to make it
            : easy for developers to write dynamically generated web pages. PHP also
            : offers built-in database integration for several commercial and
            : non-commercial database management systems, so writing a
            : database-enabled webpage with PHP is fairly simple. The most common
            : use of PHP coding is probably as a replacement for CGI scripts.
            :
            : The php package contains the module (often referred to as mod_php)
            : which adds support for the PHP language to Apache HTTP Server.

Open in new window

0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
The remi package mysql51-compat provides enough for php mysql client to connect (though it is not a good practive to replace system packages as done by remi, but it will suffice for us.

Please review if you really depend on missing packages. If not just jump....

That yields required package list:
php54-php
php54-php-bcmath
php54-php-channel-phpseclib
php54-php-cli
php54-php-common
php54-php-devel
php54-php-gd
php54-php-imap
php54-php-mbstring
php54-php-mcrypt
php54-php-mysql
php54-php-pdo
php54-php-pear
php54-php-php-gettext
php54-php-phpseclib-crypt-aes
php54-php-phpseclib-crypt-base
php54-php-phpseclib-crypt-rijndael
php54-php-process
php54-php-recode
php54-php-soap
php54-php-tcpdf
php54-php-tcpdf-dejavu-sans-fonts
php54-php-tidy
php54-php-xml

Open in new window

On a clean Centos 6.6 installed from minimal iso:
No package php54-php-channel-phpseclib available.
No package php54-php-mcrypt available.
No package php54-php-php-gettext available.
No package php54-php-phpseclib-crypt-aes available.
No package php54-php-phpseclib-crypt-base available.
No package php54-php-phpseclib-crypt-rijndael available.
No package php54-php-tcpdf available.
No package php54-php-tcpdf-dejavu-sans-fonts available.

Open in new window

...
9.3M to download.

Rijndael is working name before it became AES...
Me no clue what is the rest.
0
 

Author Comment

by:projects
Comment Utility
Thanks for all the info, I will refer back to this question once I have able to work on this.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now