Working on a python app on Mac (Yosemite OSX 10.10) I ran into this issue:
OperationalError: (2049, "Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)")
With a bit of research it seemed that my client (that is mysql-python) is using secure auth and the user had a password encrypted in an old style, that is prior to pre-4.1.1.
As I do not have ways to handle things on the DB side I was wondering if there was a workaround or a way to deactivate secure_auth on mysql-python?
I am adapting the answer from here:
Eventually you have to tell the client who has an old-style password to change it to a new-style password. Old passwords are not secure.
Now, you are getting the error since the client has secure_auth set, but they have an old password. In order to login with the old password, the client must disable secure_auth on the client side. How exactly you do this varies by which client you're using.
Some other workarounds can be found in the MySQL documentation: Client does not support authentication protocol
I found a cure!
Or rather a workaround. From this post I decided to select slightly older version of MySQL and MySQLdb and this solved the issue.
Here is how I did it:
I had previously installed mysql_python for my python and had the brew version of mysql installed.
I deteleted all of that.
I look for a way to install MySQLdb by looking for it last stable version with the source.
I compiled them (followed the isntructions here), installed them and then I looked for a stable version of MySQL client (MySQL website is the best place for that) and install the 5.5 version which was perfectly fitting my requirements.
I made mysql to launch itself automatically and then restarted my computer (but you can just restart apache) and check that all path were correct and the right includes are in the right places (you can check that against the link above).
And now it all works fine!
Hope it helps.
Related
I am trying to access a REST service that uses Kerberos authentication (company internal) from a Python app on Windows. However, it seems that the service is configured to expect a SPNEGO only as when I try to use requests-kerberos to connect as in:
requests.get('servicename', auth=HTTPKerberosAuth())
it produces a 500 Error from the server with:
javax.servlet.ServletException: GSSException: No credential found for: 1.2.840.113554.1.2.2
My guess is that server is configured to expect SPNEGO only and Python client supports only Kerberos.
I have tried installing PyKerberos but that fails as it expects krb5 on the system and I am doing this under Windows. Are there any libraries available that could help me do a SPNEGO call from Python in Windows?
In case anyone else would be having a similar problem - resolved by using pycurl with pycurl.HTTPAUTH_GSSNEGOTIATE attribute set.
I'm making queries from a MS SQL server using Python code (Pymssql library) however I was wondering if there was any way to make the connection secure and encrypt the data being sent from the server to python?
Thanks
Yes, it can.
You need FreeTDS which supports SSL via OpenSSL. If you happened to use Linux (or Docker on Windows), it's quite easy to install standalone FreeTDS in Debian:
apt-get update
apt-get install freetds-bin freetds-dev
pip install pymssql
Don't use pymssql with bundled FreeTDS library, it does not support SSL apparently. The bundled library is used when you set env variable PYMSSQL_BUILD_WITH_BUNDLED_FREETDS=1 before installing pymssql.
pymssql certainly claims to be able to work with encrypted connections to the SQL Server (via OpenSSL). One reason why some might believe it to be impossible is that Windows releases of pymssql versions prior to 2.1.2 were shipped with pymssql statically linked to FreeTDS for unencrypted connections only.
Starting with version 2.1.2, the Windows release of pymssql is shipped dynamically linked to FreeTDS so it can support both unencrypted connections (via FreeTDS alone) or encrypted connections (via FreeTDS and OpenSSL). For details – and an important update re: versions 2.1.3 and later – see the related answer here.
If you want to connect SQL server using secured connection using pymssql then you need to provide "secure" syntax in your host..
for e.g.
unsecured connection host : xxx.database.windows.net:1433
secured connection host : xxx.database.secure.windows.net:1443
Unfortunately there's no way, but you could use pyodbc.
OK. So I've been treading on the thin edge of madness trying to get a Python virtualenv with Django set up. Tried a couple of different tutorials, first on Mac and then on Linux (Ubuntu), and always get as far as installing the Django package, and then I try and set up the database and everything just melts down. At first I was getting a lot of "mysql_config not found" and architecture compatibility errors (which was when I moved over to trying it on Linux)...now I think I've finally gotten it installed and not conflicting with anything and I don't know what to do next. I'm supposed to edit Django's settings file with the database info (name, UN, PW, and port), and I don't know where to look for this information.
So...my questions:
Is MySQL automatically running on Ubuntu if it is installed? If not, how do I turn it on?
Where do I edit databases? I'm a PHP person in general and this is early days with my forays into Python...I've generally done most of my database management through PHPMyAdmin...I know there's a command line for MySQL and I'd be able to use it but I don't know how to turn it on.
How do I find out what port MySQL is running on?
Again, this is an install in a virtualenv, if that makes any difference to the answers. I apologize if this is a totally noobish question but all the Django setup tutorials I've found seem to just assume I know this step.
Thanks much for any help!
1- mysql not installed on ubuntu by default, if you need to start mysql on the boot try:
chkconfig mysql on
2- mysql has a advanced commandline. just try in terminal:
mysql
use DB;
SELECT * FROM tbl1;
3- mysql runing on port 3306. and you can find port by this:
netstat -tnlp | grep mysql
finally you must be look at: Using PIP in a virtual environment, how do I install MySQL-python
I'm trying to convert a django / cPython app to run as a Tomcat WAR using Jython. We are using a mysql database (MySQLdb in cPython / mysql-connector-java-5.1.15-bin.jar in jython). I have changed the DATABASE_ENGINE between the two configurations. The app runs great with cPython (after I disabled SELinux limitations on http connections to a database). The front page, images, and static content work in the jython. However, when I request a page that hits the database, it seems to hang for a while, then returns with:
Communications link failure
The last packet sent successfully to
the server was 0 milliseconds ago. The
driver has not received any packets
from the server. [SQLCode: 0],
[SQLState: 08S01]
Has anyone seen this before? I don't see any recent discussions of this type or problem. I'm using django 1.2.5, jython 2.5.2. I've tried running the Java app under Fedora (jre-1.6.0-openjdk.x86_64) and Windows (Java(TM) SE Runtime Environment (build 1.6.0_23-b05)). Same behavior. I've also tried both mysql-connector-java-5.1.15-bin.jar (the latest version) and mysql-connector-java-5.1.10-bin.jar ("extensively tested" according to http://packages.python.org/django-jython/database-backends.html). None of the various configurations affect the behavior.
How can I solve it or where should I look next?
I found the mistake. In hindsight, it's obvious. I made a type-o in the IP address of the database server, but only in the configuration file on the jython branch. As a result, the Jython instance hung while the cPython instance didn't. Found the error when I merged the two into a single settings.py (using "if os.name=='java'" to make the necessary jython changes.
So . . . What's the correct protocol here? Should I delete the question or leave it up in case someone else makes the same type of mistake I did?
Is there any way to connect to an MS SQL Server database with python on linux using Windows Domain Credentials?
I can connect perfectly fine from my windows machine using Windows Credentials, but attempting to do the same from a linux python with pyodbs + freetds + unixodbc
>>import pyodbc
>>conn = pyodbc.connect("DRIVER={FreeTDS};SERVER=servername;UID=username;PWD=password;DATABASE=dbname")
results in this error:
class 'pyodbc.Error'>: ('28000', '[28000] [unixODBC][FreeTDS][SQL Server]Login incorrect. (20014) (SQLDriverConnectW)')
I'm sure the password is written correctly, but I've tried many different combinations of username:
DOMAIN\username
DOMAIN\\username
or even
UID=username;DOMAIN=domain
to no avail. Any ideas?
As of at least March 2013, this seems to work out of the box with FreeTDS. I specified the TDS protocol version for good measure--not sure if that makes the difference:
connStr = "DRIVER={{FreeTDS}};SERVER={0};PORT=1433;TDS_Version=7.2;UID={1}\\{2};PWD={3}".format(hostname, active_directory_domain, username, password)
Integrated authentication also appears to be supported in Microsoft's official driver for linux: http://msdn.microsoft.com/en-us/library/hh568450.aspx . I'm not sure how many Linux distributions it actually works on or how much of the source is available. They explicitly mention RHEL 5 and 6 and some dependencies on the download page.
As pointed out in one of the comments, this answer is quite stale by now. I regularly and routinely use GSSAPI to authenticate from Linux to SQL Server 2008 R2 but mostly with the EasySoft ODBC manager and the (commercial) EasySoft ODBC SQL Server driver.
In early 2009, a colleague and I managed to connect to a SQL Server 2005 instance from Solaris 10 using GSSAPI (Kerberos credentials) using DBB::Perl over a FreeTDS build linked against a particular version of the MIT kerberos libraries. The trick was -- and this is a little bit difficult to believe but I have verified it by looking through the FreeTDS source code -- to specify a zero-length user_name. If the length of the user_name string is 0 then the FreeTDS code will attempt to use GSSAPI (if that support has been compiled in). I have not been able to do this via Python and pyodbc as I could not figure out a way of getting ODBC to pass down a zero-length user_name.
Here in the perl code .. there are multiple opportunities for breakage wrt configuration files such as .freetds.conf etc. I seem to recall that the principal had to be in uppercase but my notes seem to be in disagreement with that.
$serverprincipal = 'MSSQLSvc/foo.bar.yourdomain.com:1433#YOURDOMAIN.COM';
$dbh = DBI->connect("dbi:Sybase:server=THESERVERNAME;kerberos=$serverprincipal", '', '');
You will have to know how to use the setspn utility in order to get the SQL Server server to use the appropriate security principal name.
I do not have any knowledge of the kerberos side of things because our environment was set up by an out and out Kerberos guru and has fancy stuff like mutual trust set up between the AD domain that the SQL Server is running in and the Kerberos domain that my client was running in.
There is some code http://code.google.com/p/libsqljdbc-auth/ which does GSSAPI authentication from Linux to SQL Server but it is Java only. The author (who seems to know his stuff) also has contributed a similar patch to the jTDS project which works with more recent versions of Java that have GSSAPI built in.
So the pieces are all there, it is just a big tangled mess trying to get them all to work together. I found the pyodbc to unixODBC to FreeTDS odbc to TDS integration pretty hard to trace/debug. The perl stuff because it was a pretty thin wrapper on top to CT-Lib was much easier to get going.
Probably a bit too late to help you out - but I encountered the same issue. At the time of writing, the latest version of pyodbc allows me to login with windows credentials. Just leave the UID field blank in your connection string like so:
cnxn = pyodbc.connect('DRIVER={SQL Server};SERVER=myserverinstance;DATABASE=mydatabase;UID=;PWD=mypassword')
Now this is using your existing windows credentials when you're logged on... not sure how to specify any arb windows domain credentials...
I haven't done it in a while, but I remember the whole unixodbc + FreeTDS + pyodbc thing being a little tricky. However, it can be done, and once setup it's not that hard.
This website provides very good instructions:
http://www.pauldeden.com/2008/12/how-to-setup-pyodbc-to-connect-to-mssql.html (archived copy on Web Archive)
Also, in my experience pyodbc had issues compiling/running on 64 bit Linux machines. Because of that we eventually used ceODBC. ceODBC isn't quite as stable as pyodbc (encountered more unexpected bugs than in pyodbc when running in python prorgram), but it is very easy to get up and running on Linux 64 bit.
I don't believe you'll be able to log in to a windows domain account in this way. You need to set up a user in sql directly for this manner of passing credentials.