List:Commits« Previous MessageNext Message »
From:Georgi Kodinov Date:January 30 2012 4:27pm
Subject:bzr push into mysql-trunk branch (Georgi.Kodinov:3806 to 3807) Bug#13586336
View as plain text  
 3807 Georgi Kodinov	2012-01-30
      Bug #13586336: SRVGEN - HIBISCUS: ISSUE DEPRECATION WARNING FOR 
      LEGACY AUTHENTICATION METHOD
      
      Added warnings as follows : 
      1) Make the server option secure_auth ON per default and issue a warning
      stating that legacy passwords are deprecated if it is ever overridden.
      2) Issue a deprecation warning if a new user account ever is created or
      otherwise configured to use the mysql_old_password plugin.
      3) When upgrading an old system, issue deprecation warnings if an old
      password hash digest is found in the password field.
      
      Added tests for the new warnings and updated existing tests to
      either set secure_auth back to FALSE or adjust the result where this is not
      possible.

    modified:
      mysql-test/r/change_user.result
      mysql-test/r/connect.result
      mysql-test/r/mysql_upgrade.result
      mysql-test/r/mysqld--help-notwin.result
      mysql-test/r/mysqld--help-win.result
      mysql-test/suite/sys_vars/r/old_passwords_func.result
      mysql-test/suite/sys_vars/r/secure_auth_basic.result
      mysql-test/suite/sys_vars/r/secure_auth_func.result
      mysql-test/suite/sys_vars/t/secure_auth_basic.test
      mysql-test/t/change_user.test
      mysql-test/t/connect.test
      mysql-test/t/mysql_upgrade.test
      scripts/mysql_system_tables_fix.sql
      sql/sql_acl.cc
      sql/sys_vars.cc
 3806 Nuno Carvalho	2012-01-30
      BUG#13613270 - INCLUDE/WAIT_FOR_SLAVE_IO_ERROR.INC IS NOT USING INCLUDE/SHOW_SLAVE_STATUS.INC
      
      Unlike in previous versions, include/wait_for_slave_io_error.inc is not 
      using include/show_slave_status.inc duplicating test code lines and not
      taking advantage of include/show_slave_status.inc features.
      
      Changed include/wait_for_slave_io_error.inc to use 
      include/show_slave_status.inc. 
      Updated tests results that use include/wait_for_slave_io_error.inc.

    modified:
      mysql-test/include/wait_for_slave_io_error.inc
      mysql-test/suite/rpl/r/rpl_checksum.result
      mysql-test/suite/rpl/r/rpl_log_pos.result
      mysql-test/suite/rpl/r/rpl_manual_change_index_file.result
      mysql-test/suite/rpl/r/rpl_packet.result
      mysql-test/suite/rpl/r/rpl_row_event_max_size.result
      mysql-test/suite/rpl/t/rpl_checksum.test
      mysql-test/suite/rpl/t/rpl_log_pos.test
      mysql-test/suite/rpl/t/rpl_manual_change_index_file.test
      mysql-test/suite/rpl/t/rpl_packet.test
      mysql-test/suite/rpl/t/rpl_row_event_max_size.test
=== modified file 'mysql-test/r/change_user.result'
--- a/mysql-test/r/change_user.result	2010-11-25 03:50:16 +0000
+++ b/mysql-test/r/change_user.result	2012-01-30 15:43:32 +0000
@@ -1,5 +1,10 @@
+SET GLOBAL secure_auth = OFF;
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 grant select on test.* to test_nopw;
 grant select on test.* to test_oldpw identified by password "09301740536db389";
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 grant select on test.* to test_newpw identified by "newpw";
 select user(), current_user(), database();
 user()	current_user()	database()
@@ -82,3 +87,4 @@ IS_USED_LOCK('bug31418')
 NULL
 FLUSH STATUS;
 Value of com_select did not change
+SET GLOBAL secure_auth = DEFAULT;

=== modified file 'mysql-test/r/connect.result'
--- a/mysql-test/r/connect.result	2011-08-19 13:04:28 +0000
+++ b/mysql-test/r/connect.result	2012-01-30 15:43:32 +0000
@@ -79,12 +79,17 @@ connect(localhost,test,zorro,test2,MASTE
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
 connect(localhost,test,zorro,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
+SET GLOBAL secure_auth = OFF;
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 update mysql.user set password=old_password("gambling2") where user=_binary"test";
 flush privileges;
 set password="";
 set password='gambling3';
 ERROR HY000: Password hash should be a 41-digit hexadecimal number
 set password=old_password('gambling3');
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 show tables;
 Tables_in_mysql
 columns_priv
@@ -128,6 +133,7 @@ connect(localhost,test,zorro,test,MASTER
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
 delete from mysql.user where user=_binary"test";
 flush privileges;
+SET GLOBAL secure_auth = DEFAULT;
 create table t1 (id integer not null auto_increment primary key);
 create temporary table t2(id integer not null auto_increment primary key);
 set @id := 1;
@@ -236,3 +242,32 @@ SET GLOBAL event_scheduler = OFF;
 # ------------------------------------------------------------------
 # -- End of 5.1 tests
 # ------------------------------------------------------------------
+#
+# Bug #13586336 : SRVGEN - HIBISCUS: ISSUE DEPRECATION WARNING FOR
+# LEGACY AUTHENTICATION METHOD
+#
+#Expect 1
+SELECT @@global.secure_auth;
+@@global.secure_auth
+1
+SET old_passwords=true;
+#Expect deprecation warning
+CREATE USER old_pwd@localhost IDENTIFIED BY 'aha';
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
+#Expect deprecation warning
+SET PASSWORD FOR old_pwd@localhost = OLD_PASSWORD('aha2');
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
+#Expect deprecation warning
+GRANT SELECT on test.* TO old_gpwd@localhost 
+IDENTIFIED BY 'aha3';
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
+#Expected normal flush, no warnings  
+FLUSH PRIVILEGES;
+DROP USER old_pwd@localhost, old_gpwd@localhost;
+SET old_passwords=default;
+# ------------------------------------------------------------------
+# -- End of 5.6 tests
+# ------------------------------------------------------------------

=== modified file 'mysql-test/r/mysql_upgrade.result'
--- a/mysql-test/r/mysql_upgrade.result	2011-12-12 12:55:18 +0000
+++ b/mysql-test/r/mysql_upgrade.result	2012-01-30 15:43:32 +0000
@@ -312,5 +312,48 @@ mysql.time_zone_name                    
 mysql.time_zone_transition                         OK
 mysql.time_zone_transition_type                    OK
 mysql.user                                         OK
+#
+# Bug# 13586336: issue deprecation warning
+#   for legacy authentication method
+#
+CREATE USER 'bug13586336'@'localhost';
+SET PASSWORD FOR 'bug13586336'@'localhost' = OLD_PASSWORD('a');
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
+Run mysql_upgrade with all privileges on a user
+Warning: Using a password on the command line interface can be insecure.
+Warning: Using a password on the command line interface can be insecure.
+mtr.global_suppressions                            OK
+mtr.test_suppressions                              OK
+mysql.columns_priv                                 OK
+mysql.db                                           OK
+mysql.event                                        OK
+mysql.func                                         OK
+mysql.general_log                                  OK
+mysql.help_category                                OK
+mysql.help_keyword                                 OK
+mysql.help_relation                                OK
+mysql.help_topic                                   OK
+mysql.host                                         OK
+mysql.innodb_index_stats                           OK
+mysql.innodb_table_stats                           OK
+mysql.ndb_binlog_index                             OK
+mysql.plugin                                       OK
+mysql.proc                                         OK
+mysql.procs_priv                                   OK
+mysql.proxies_priv                                 OK
+mysql.servers                                      OK
+mysql.slave_master_info                            OK
+mysql.slave_relay_log_info                         OK
+mysql.slave_worker_info                            OK
+mysql.slow_log                                     OK
+mysql.tables_priv                                  OK
+mysql.time_zone                                    OK
+mysql.time_zone_leap_second                        OK
+mysql.time_zone_name                               OK
+mysql.time_zone_transition                         OK
+mysql.time_zone_transition_type                    OK
+mysql.user                                         OK
+DROP USER 'bug13586336'@'localhost';
 
 End of tests

=== modified file 'mysql-test/r/mysqld--help-notwin.result'
--- a/mysql-test/r/mysqld--help-notwin.result	2012-01-30 10:34:28 +0000
+++ b/mysql-test/r/mysqld--help-notwin.result	2012-01-30 15:43:32 +0000
@@ -712,6 +712,7 @@ The following options may be given as th
  write privileges to the mysql.user table.
  --secure-auth       Disallow authentication for accounts that have old
  (pre-4.1) passwords
+ (Defaults to on; use --skip-secure-auth to disable.)
  --secure-file-priv=name 
  Limit LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to
  files within specified directory
@@ -1083,7 +1084,7 @@ report-password (No default value)
 report-port 3306
 report-user (No default value)
 safe-user-create FALSE
-secure-auth FALSE
+secure-auth TRUE
 secure-file-priv (No default value)
 server-id 0
 show-slave-auth-info FALSE

=== modified file 'mysql-test/r/mysqld--help-win.result'
--- a/mysql-test/r/mysqld--help-win.result	2012-01-30 10:34:28 +0000
+++ b/mysql-test/r/mysqld--help-win.result	2012-01-30 15:43:32 +0000
@@ -712,6 +712,7 @@ The following options may be given as th
  write privileges to the mysql.user table.
  --secure-auth       Disallow authentication for accounts that have old
  (pre-4.1) passwords
+ (Defaults to on; use --skip-secure-auth to disable.)
  --secure-file-priv=name 
  Limit LOAD DATA, SELECT ... OUTFILE, and LOAD_FILE() to
  files within specified directory
@@ -1091,7 +1092,7 @@ report-password (No default value)
 report-port 3306
 report-user (No default value)
 safe-user-create FALSE
-secure-auth FALSE
+secure-auth TRUE
 secure-file-priv (No default value)
 server-id 0
 shared-memory FALSE

=== modified file 'mysql-test/suite/sys_vars/r/old_passwords_func.result'
--- a/mysql-test/suite/sys_vars/r/old_passwords_func.result	2008-12-19 15:12:15 +0000
+++ b/mysql-test/suite/sys_vars/r/old_passwords_func.result	2012-01-30 15:43:32 +0000
@@ -8,7 +8,11 @@ CREATE USER 'userNewPass2'@'localhost' I
 SET GLOBAL old_passwords = TRUE;
 SET SESSION old_passwords = TRUE;
 CREATE USER 'userOldPass'@'localhost' IDENTIFIED BY 'pass3';
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 SET GLOBAL secure_auth = FALSE;
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 ** Connecting con1 using username 'userNewPass1' **
 SELECT CURRENT_USER();
 CURRENT_USER()

=== modified file 'mysql-test/suite/sys_vars/r/secure_auth_basic.result'
--- a/mysql-test/suite/sys_vars/r/secure_auth_basic.result	2009-10-09 13:34:07 +0000
+++ b/mysql-test/suite/sys_vars/r/secure_auth_basic.result	2012-01-30 15:43:32 +0000
@@ -1,19 +1,21 @@
 SET @global_start_value = @@global.secure_auth;
 SELECT @global_start_value;
 @global_start_value
-0
+1
 '#--------------------FN_DYNVARS_143_01------------------------#'
-SET @@global.secure_auth = 1;
+SET @@global.secure_auth = 0;
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 SET @@global.secure_auth = DEFAULT;
 SELECT @@global.secure_auth;
 @@global.secure_auth
-0
+1
 '#---------------------FN_DYNVARS_143_02-------------------------#'
 SET secure_auth = 1;
 ERROR HY000: Variable 'secure_auth' is a GLOBAL variable and should be set with SET GLOBAL
 SELECT @@secure_auth;
 @@secure_auth
-0
+1
 SELECT global.secure_auth;
 ERROR 42S02: Unknown table 'global' in field list
 SET global secure_auth = 1;
@@ -22,6 +24,8 @@ SELECT @@global.secure_auth;
 1
 '#--------------------FN_DYNVARS_143_03------------------------#'
 SET @@global.secure_auth = 0;
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 SELECT @@global.secure_auth;
 @@global.secure_auth
 0
@@ -83,6 +87,8 @@ VARIABLE_VALUE
 ON
 '#---------------------FN_DYNVARS_143_08-------------------------#'
 SET @@global.secure_auth = OFF;
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 SELECT @@global.secure_auth;
 @@global.secure_auth
 0
@@ -96,10 +102,12 @@ SELECT @@global.secure_auth;
 @@global.secure_auth
 1
 SET @@global.secure_auth = FALSE;
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 SELECT @@global.secure_auth;
 @@global.secure_auth
 0
 SET @@global.secure_auth = @global_start_value;
 SELECT @@global.secure_auth;
 @@global.secure_auth
-0
+1

=== modified file 'mysql-test/suite/sys_vars/r/secure_auth_func.result'
--- a/mysql-test/suite/sys_vars/r/secure_auth_func.result	2008-12-19 15:12:15 +0000
+++ b/mysql-test/suite/sys_vars/r/secure_auth_func.result	2012-01-30 15:43:32 +0000
@@ -8,10 +8,14 @@ SELECT @@GLOBAL.secure_auth;
 1 / ON Expected
 '#--------------------FN_DYNVARS_144_02-------------------------#'
 SET GLOBAL secure_auth = OFF;
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 CREATE USER 'testUser'@'localhost' IDENTIFIED BY 'newpass';
 ** Connecting con_user1 using testUser **
 ** Connection default**
 SET PASSWORD FOR 'testUser'@'localhost' = OLD_PASSWORD('newpass');
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 ** Connecting con_user2 using testUser **
 ** Connection default**
 '#--------------------FN_DYNVARS_144_03-------------------------#'
@@ -20,6 +24,8 @@ SET PASSWORD FOR 'testUser'@'localhost' 
 ** Connecting con_user3 using testUser **
 ** Connection default **
 SET PASSWORD FOR 'testUser'@'localhost' = OLD_PASSWORD('newpass');
+Warnings:
+Warning	1287	'pre-4.1 password hash' is deprecated and will be removed in a future release. Please use post-4.1 password hash instead
 ** Connecting con_user4 using testUser **
 ERROR HY000: Server is running in --secure-auth mode, but 'testUser'@'localhost' has a password in the old format; please change the password to the new format
 Expected error "Server is in secure auth mode"

=== modified file 'mysql-test/suite/sys_vars/t/secure_auth_basic.test'
--- a/mysql-test/suite/sys_vars/t/secure_auth_basic.test	2009-10-09 13:34:07 +0000
+++ b/mysql-test/suite/sys_vars/t/secure_auth_basic.test	2012-01-30 15:43:32 +0000
@@ -42,7 +42,7 @@ SELECT @global_start_value;
 #           Display the DEFAULT value of secure_auth                   #
 ######################################################################## 
 
-SET @@global.secure_auth = 1;
+SET @@global.secure_auth = 0;
 SET @@global.secure_auth = DEFAULT;
 SELECT @@global.secure_auth;
 

=== modified file 'mysql-test/t/change_user.test'
--- a/mysql-test/t/change_user.test	2010-11-25 03:50:16 +0000
+++ b/mysql-test/t/change_user.test	2012-01-30 15:43:32 +0000
@@ -2,6 +2,7 @@
 # functional change user tests
 #
 
+SET GLOBAL secure_auth = OFF;
 grant select on test.* to test_nopw;
 grant select on test.* to test_oldpw identified by password "09301740536db389";
 grant select on test.* to test_newpw identified by "newpw";
@@ -122,3 +123,5 @@ if ($after != $before){
   die The value of com_select changed during change_user;
 }
 echo Value of com_select did not change;
+
+SET GLOBAL secure_auth = DEFAULT;

=== modified file 'mysql-test/t/connect.test'
--- a/mysql-test/t/connect.test	2010-11-25 03:50:16 +0000
+++ b/mysql-test/t/connect.test	2012-01-30 15:43:32 +0000
@@ -65,6 +65,7 @@ connect (fail_con,localhost,test,zorro,t
 connect (fail_con,localhost,test,zorro,);
 
 # check if old password version also works
+SET GLOBAL secure_auth = OFF;
 update mysql.user set password=old_password("gambling2") where user=_binary"test";
 flush privileges;
 
@@ -102,6 +103,7 @@ connect (fail_con,localhost,test,zorro,)
 # do not depend on this test.
 delete from mysql.user where user=_binary"test";
 flush privileges;
+SET GLOBAL secure_auth = DEFAULT;
 
 #
 # Bug#12517 Clear user variables and replication events before
@@ -297,6 +299,37 @@ SET GLOBAL event_scheduler = OFF;
 --echo # -- End of 5.1 tests
 --echo # ------------------------------------------------------------------
 
+--echo #
+--echo # Bug #13586336 : SRVGEN - HIBISCUS: ISSUE DEPRECATION WARNING FOR
+--echo # LEGACY AUTHENTICATION METHOD
+--echo #
+
+--echo #Expect 1
+SELECT @@global.secure_auth;
+
+SET old_passwords=true;
+
+--echo #Expect deprecation warning
+CREATE USER old_pwd@localhost IDENTIFIED BY 'aha';
+
+--echo #Expect deprecation warning
+SET PASSWORD FOR old_pwd@localhost = OLD_PASSWORD('aha2');
+
+--echo #Expect deprecation warning
+GRANT SELECT on test.* TO old_gpwd@localhost 
+  IDENTIFIED BY 'aha3';
+
+--echo #Expected normal flush, no warnings  
+FLUSH PRIVILEGES;  
+
+DROP USER old_pwd@localhost, old_gpwd@localhost;  
+SET old_passwords=default;
+
+--echo # ------------------------------------------------------------------
+--echo # -- End of 5.6 tests
+--echo # ------------------------------------------------------------------
+
+
 # Wait till all disconnects are completed
 --source include/wait_until_count_sessions.inc
 

=== modified file 'mysql-test/t/mysql_upgrade.test'
--- a/mysql-test/t/mysql_upgrade.test	2011-12-12 12:55:18 +0000
+++ b/mysql-test/t/mysql_upgrade.test	2012-01-30 15:43:32 +0000
@@ -128,5 +128,16 @@ let $MYSQLD_DATADIR= `select @@datadir`;
 # so the following command should never fail.
 --remove_file $MYSQLD_DATADIR/mysql_upgrade_info
 
+--echo #
+--echo # Bug# 13586336: issue deprecation warning
+--echo #   for legacy authentication method
+--echo #
+
+CREATE USER 'bug13586336'@'localhost';
+SET PASSWORD FOR 'bug13586336'@'localhost' = OLD_PASSWORD('a');
+--echo Run mysql_upgrade with all privileges on a user
+--exec $MYSQL_UPGRADE --skip-verbose --force 2>&1
+DROP USER 'bug13586336'@'localhost';
+
 --echo
 --echo End of tests

=== modified file 'scripts/mysql_system_tables_fix.sql'
--- a/scripts/mysql_system_tables_fix.sql	2011-08-19 13:24:24 +0000
+++ b/scripts/mysql_system_tables_fix.sql	2012-01-30 15:43:32 +0000
@@ -663,3 +663,20 @@ flush privileges;
 
 ALTER TABLE slave_master_info ADD Ssl_crl TEXT CHARACTER SET utf8 COLLATE utf8_bin COMMENT 'The file used for the Certificate Revocation List (CRL)';
 ALTER TABLE slave_master_info ADD Ssl_crlpath TEXT CHARACTER SET utf8 COLLATE utf8_bin COMMENT 'The path used for Certificate Revocation List (CRL) files';
+
+--
+-- Check for accounts with old pre-4.1 passwords and issue a warning
+--
+
+-- SCRAMBLED_PASSWORD_CHAR_LENGTH_323 = 16
+SET @deprecated_pwds=(SELECT COUNT(*) FROM mysql.user WHERE LENGTH(password) = 16 AND plugin='');
+
+-- signal the deprecation error
+DROP PROCEDURE IF EXISTS mysql.warn_pre41_pwd;
+CREATE PROCEDURE mysql.warn_pre41_pwd() SIGNAL SQLSTATE '01000' SET MESSAGE_TEXT='Pre-4.1 password hash is deprecated and will be removed in a future release. Please upgrade the user definitions using it to a new format.';
+SET @cmd='call mysql.warn_pre41_pwd()';
+SET @str=IF(@deprecated_pwds > 0, @cmd, 'SET @dummy=0');
+PREPARE stmt FROM @str;
+EXECUTE stmt;
+DROP PREPARE stmt;
+DROP PROCEDURE mysql.warn_pre41_pwd;

=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc	2011-12-12 12:55:18 +0000
+++ b/sql/sql_acl.cc	2012-01-30 15:43:32 +0000
@@ -188,6 +188,9 @@ static plugin_ref old_password_plugin;
 #endif
 static plugin_ref native_password_plugin;
 
+#define WARN_DEPRECATED_41_PWD_HASH(thd) \
+  WARN_DEPRECATED(thd, "pre-4.1 password hash", "post-4.1 password hash")
+
 /* Classes */
 
 struct acl_host_and_ip
@@ -2161,6 +2164,10 @@ static bool update_user_table(THD *thd, 
   }
   store_record(table,record[1]);
   table->field[2]->store(new_password, new_password_len, system_charset_info);
+
+  if (new_password_len == SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
+    WARN_DEPRECATED_41_PWD_HASH(thd);
+
   if ((error=table->file->ha_update_row(table->record[1],table->record[0])) &&
       error != HA_ERR_RECORD_IS_THE_SAME)
   {
@@ -2231,6 +2238,8 @@ static int replace_user_table(THD *thd, 
       my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
       DBUG_RETURN(-1);
     }
+    if (combo.password.length == SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
+      WARN_DEPRECATED_41_PWD_HASH(thd);
     password_len= combo.password.length;
     password=combo.password.str;
   }

=== modified file 'sql/sys_vars.cc'
--- a/sql/sys_vars.cc	2012-01-30 10:34:28 +0000
+++ b/sql/sys_vars.cc	2012-01-30 15:43:32 +0000
@@ -2334,12 +2334,25 @@ static Sys_var_mybool Sys_query_cache_wl
        DEFAULT(FALSE));
 #endif /* HAVE_QUERY_CACHE */
 
+static bool
+on_check_opt_secure_auth(sys_var *self, THD *thd, set_var *var)
+{
+  if (!var->save_result.ulonglong_value)
+  {
+    WARN_DEPRECATED(thd, "pre-4.1 password hash", "post-4.1 password hash");
+  }
+  return false;
+}
+
 static Sys_var_mybool Sys_secure_auth(
        "secure_auth",
        "Disallow authentication for accounts that have old (pre-4.1) "
        "passwords",
        GLOBAL_VAR(opt_secure_auth), CMD_LINE(OPT_ARG),
-       DEFAULT(FALSE));
+       DEFAULT(TRUE),
+       NO_MUTEX_GUARD, NOT_IN_BINLOG,
+       ON_CHECK(on_check_opt_secure_auth)
+       );
 
 static Sys_var_charptr Sys_secure_file_priv(
        "secure_file_priv",

No bundle (reason: useless for push emails).
Thread
bzr push into mysql-trunk branch (Georgi.Kodinov:3806 to 3807) Bug#13586336Georgi Kodinov31 Jan