Bug #409 Occasionally get password authentication failures
Submitted: 9 May 2003 0:59 Modified: 12 Jun 2003 8:33
Reporter: Clinton Gormley Email Updates:
Status: Can't repeat Impact on me:
Category:MySQL Server Severity:S1 (Critical)
Version:4.1a OS:Linux (Redhat)
Assigned to: CPU Architecture:Any

[9 May 2003 0:59] Clinton Gormley
Occasionally I get an error trying to connect to MySQL:
Access denied for user: 'travel@localhost' (Using password: YES)

This happens in spite of the fact that I am using stored credentials, and it always succeeds the next time I try it.

This has happened only since upgrading to MySQL 4.1.

How to repeat:
Difficult to replicate.  I haven't figured out anything that seems to trigger this.

I am developing a web site with mod_perl so I restart the web server regularly, and occasionally, it returns this password error. 

I have also experienced it with the command line tool.
[30 May 2003 4:23] Alexander Keremidarski
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at

If you can provide more information, feel free to add it
to this bug and change the status back to 'Open'.

Thank you for your interest in MySQL.

Can you provide more details? Which 4.1 did you installed? 4.1.0 from RPM, binary or source? Or it is from BitKeeper tree?
[3 Jun 2003 11:14] Clinton Gormley
OK - sorry about that. I'm using the 4.1 tarballs from the MySQL site (on RedHat 9).

I am connecting to the mysqld with DBD::Mysql v 2.1026 and sporadically get authentication failures (although the credentials don't change). I try again, and it works perfectly.

I haven't been getting failures just connecting with the command line client and then exiting.  However, the reason I don't think this is a DBD issue is that, at the time I first submitted this bug, I read a post somewhere (and can't for the life of me find it again) that somebody else was experiencing the same issue.

He had submitted a small shell script which repeatedly connected to mysql with the command line client, and then disconnected again.  I have not been able to replicate this.

Anything more info I can give you?
[12 Jun 2003 8:33] Michael Widenius
A quick follow up on this:

We found a security issue with the new autentication protocol on 4.1.0 and will change this for 4.1.1.  There is a good change that this will also fix this bug (as most of the current code will be replaced).