Zoneminder login problem,mysql upgrade,authentication,hash

Add any particular hints or tricks you have found to help with your ZoneMinder experience.
Post Reply
postfux
Posts: 20
Joined: Thu Mar 03, 2005 11:33 am
Location: Austria

Zoneminder login problem,mysql upgrade,authentication,hash

Post by postfux »

Hello Zoneminder fans

I am running zm v1.22.3 on a Debian etch (4.0) system.
I have enabled authentication with hashed passwords.

Yesterday i made an upgrade from some Debian security packages,
and since then i could't login with none of my users to zoneminder anymore.

After some research i found out that mysql changed the hashing of passwords from 16-byte to 41-byte

see:
http://dev.mysql.com/doc/refman/5.0/en/ ... shing.html

old 16-byte versus new 41-byte password() function

Code: Select all

mysql> SELECT PASSWORD('mypass');
+--------------------+
| PASSWORD('mypass') |
+--------------------+
| 6f8c114b58f2ce9e   |
+--------------------+

mysql> SELECT PASSWORD('mypass');
+-------------------------------------------+
| PASSWORD('mypass')                        |
+-------------------------------------------+
| *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-------------------------------------------+
The strange thing is that they say they changed it since mysql version 4.1
maybe debian etch was running a modified version!?

before ugrade i had this package installed
mysql-server-5.0_5.0.32-7etch6_i386.deb
and now this one
mysql-server-5.0_5.0.32-7etch8_i386.deb

Anyway my passwords in the zm Users table where still stored in the 16-bytes old way. You can check this with the command

Code: Select all

select * from Users;
what i did was:

Code: Select all

mysql> select password('test');
+-------------------------------------------+
| password('test')                          |
+-------------------------------------------+
| *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 |
+-------------------------------------------+
1 row in set (0.00 sec)

and usedthis hash with this command:
mysql> update Users set Password="*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29" where Username like "admin";
And i could login again and change the other passwords.

Before this i tryed to disable authentication with the command:

Code: Select all

mysql> update Config set Value=0 where Name Like "ZM_OPT_USE_AUTH";
But then i could not access the User tab from the Options cause authentication is turned off, when i turned on the authentication in the Options i would have to reload the page to access the user tab, but then it was allready asking me for the passwod again.

So maybe for the next release it would be good to access the User tab also when the authentication is set to off, to recover from such passwords.

Or maybe to select witch method is used for passwords stored in mysql:

Code: Select all

mysql> select old_password('test');
mysql> select password('test');
I hope this is usefull for someone that hase the same problem.

Greetings from Austria
Markus
Top
ediaz
Posts: 23
Joined: Mon Feb 27, 2006 12:13 pm

Post by ediaz »

Works for me, I upgrade and I can't login. Thanks man!
Top
zmspace
Posts: 1
Joined: Fri Oct 14, 2016 1:17 pm

Re: Zoneminder login problem,mysql upgrade,authentication,hash

Post by zmspace »

After searching for so long, I found this post.

Thanks Markus!
Top
Post Reply

Return to “ZoneMinder Hints & Tips”