Authentication

phpMyAdmin authentication problem when upgrading to phpMyAdmin-4.0.10.17-2.el6

  • September 29, 2016

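I've run into a problem where a routine upgrade of phpMyAdmin from 0:4.0.10.16-1.el6 to phpMyAdmin-4.0.10.17-2.el6 on CentOS 6 causes some strange behavior when logging in to the mysql server. Basically, users cannot log in consistently. I have tried logging in as myself and was able to get in, but my coworker can try it with a cache-cleared browser and gets the #1045 - Unable to login to the MySQL server error. The strange thing is that when the page reloads, it has my username in the username field, as if it were trying to access my previous session. The mysqld error log also lists my username on these subsequent failed attempts. As far as I know, we don't have PHP APC or anything like it installed, nor are we using any kind of Apache reverse proxy.

As expected, trying to access the MySQL box from a bash shell on the PHPMyAdmin server works just fine. Also, downgrading the version resolves the issue. I looked through the phpmyadmin github bug section and couldn't find anyone reporting similar behavior.

Has anyone else run into this? Is there any kind of debugging or verbose logging that can be enabled to try to see what is happening during these authentication attempts?

Edit: probably should have added our conf file…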

<?php
/**
* phpMyAdmin configuration file, you can use it as base for the manual
* configuration. For easier setup you can use "setup/".
*
* All directives are explained in Documentation.html and on phpMyAdmin
* wiki <http://wiki.phpmyadmin.net>.
*/

/*
* This is needed for cookie based authentication to encrypt password in
* cookie
*/
$cfg['blowfish_secret'] = '<secret redacted>'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

/* added to stop the stupid version check */
$cfg['VersionCheck'] = false;

/**
* Server(s) configuration
*/
$i = 0;

// The $cfg['Servers'] array starts with $cfg['Servers'][1].  Do not use
// $cfg['Servers'][0]. You can disable a server config entry by setting host
// to ''. If you want more than one server, just copy following section
// (including $i incrementation) several times. There is no need to define
// full server array, just define values you need to change.

$db_servers = array(
<server names redacted>
);

foreach ($db_servers as $db_server) {
 $i++;
 $cfg['Servers'][$i]['host']          = $db_server;
 $cfg['Servers'][$i]['connect_type']  = 'tcp';       // How to connect to MySQL server ('tcp' or 'socket')
 $cfg['Servers'][$i]['extension']     = 'mysqli';    // The php MySQL extension to use ('mysql' or 'mysqli')
 $cfg['Servers'][$i]['compress']      = FALSE;       // Use compressed protocol for the MySQL connection
 $cfg['Servers'][$i]['auth_type']     = 'cookie';      // Authentication method (config, http or cookie based)?
}

/*
* End of servers configuration
*/

/*
* Directories for saving/loading files from server
*/
$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload';
$cfg['SaveDir']   = '/var/lib/phpMyAdmin/save';

/*
* Disable the default warning that is displayed on the DB Details Structure
* page if any of the required Tables for the relation features is not found
*/
$cfg['PmaNoRelation_DisableWarning'] = TRUE;


//http://future500.nl/phpmyadmin-slow-on-startup/:
$cfg['MaxExactCountViews'] = 0;//disable trying to count the number of rows in any view
$cfg['MaxExactCount'] = 0;//disable correcting the InnoDB estimates

?>

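After much research, we found that our problem was with the blowfish_secret value. I filed a bug with EPEL; this may be an upstream issue, but for now, make sure your

$cfg['blowfish_secret'] = 'XXXX'

… 32 characters. (There may be some upper limit, but we did not try to determine it.)

EPEL6 BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1380446

~Tommy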
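
As an added example (not part of the original answer or of the phpMyAdmin project), the shell functions below read the blowfish_secret from a config.inc.php, flag one shorter than the 32 characters the answer mentions, and write a copy of the file with a fresh 32-character value. The function names are hypothetical, and treating "shorter than 32" as the failing case is this example's assumption.

```shell
#!/bin/sh
# Added example: audit and regenerate phpMyAdmin's blowfish_secret.
# Function names are hypothetical; the 32-character figure is from the answer.

REQUIRED_LEN=32

# Print the value assigned to $cfg['blowfish_secret'] (first match only).
# Splitting on single quotes makes the value the 4th field of that line.
secret_from_config() {
    awk -F"'" '/^[ \t]*\$cfg\[.blowfish_secret.\]/ { print $4; exit }' "$1"
}

# Succeed only if the configured secret has at least REQUIRED_LEN characters.
# Assumption: anything shorter is the case that breaks cookie auth.
secret_is_long_enough() {
    secret=$(secret_from_config "$1")
    [ "${#secret}" -ge "$REQUIRED_LEN" ]
}

# Emit 32 hex characters (16 random bytes read from /dev/urandom).
new_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write a copy of the config ($1) to $2 with the secret line replaced.
# The original file is left untouched so it can be diffed and swapped in.
rewrite_secret() {
    src=$1
    dst=$2
    value=$(new_secret)
    awk -v v="$value" '
        /^[ \t]*\$cfg\[.blowfish_secret.\]/ {
            # \047 is a single quote
            print "$cfg[\047blowfish_secret\047] = \047" v "\047;"
            next
        }
        { print }' "$src" > "$dst"
}
```

Source the file and call the functions with the path to your own config.inc.php. Changing the secret invalidates existing login cookies, so users have to log in again afterwards.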

Quoted from: https://serverfault.com/questions/805488