phpMyAdmin Error - The configuration file now needs a secret passphrase

Question

I keep getting an error "The configuration file now needs a secret passphrase" after installation of phpmyadmin. I have set the passphrase and also followed the instruction presented on https://serverfault.com/questions/291490/phpmyadmin-not-allowing-users-to-log-on but it doesn't seems to be working. I am using AMI and chcked the owner and permissions as well. Please kindly help.

Answer 1

This might help, https://wiki.archlinux.org/index.php/PhpMyAdmin#Add_blowfish_secret_passphrase

If you see the following error message at the bottom of the page when you first log in to /phpmyadmin (using a previously setup MySQL username and password) :

ERROR: The configuration file now needs a secret passphrase (blowfish_secret)  

You need to add a blowfish password to the phpMyAdmin's config file. The file should be in 1 of these locations, depending on your installation:

• /etc/phpmyadmin/config.inc.php,
• /etc/webapps/phpmyadmin/config.inc.php, or
• /usr/share/phpmyadmin/config.inc.php.

Edit the file and insert a random blowfish "password" in the line

$cfg['blowfish_secret'] = ; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */  

You can generate a password here.

It should now look something like this:

$cfg['blowfish_secret'] = 'qtdRoGmbc9{8IZr323xYcSN]0s)r$9b_JUnb{~Xz'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */  

This all assumes you've already properly created the config file,

cp config.sample.inc.php config.inc.php

Answer 2

I was also getting the error The configuration file now needs a secret passphrase (blowfish_secret) when the configuration file had $cfg['blowfish_secret'] set. I'm using CentOS v6 and I installed PHPMyAdmin from the EPEL repo using yum. I setup nginx to host PHPMyAdmin and the PHPMyAdmin package (by default) is setup to work with Apache. The configuration file is located at /etc/phpMyAdmin/config.inc.php (you can check CONFIG_DIR in libraries/vendor_config.php to find where your config file is located) and if you notice, the user is root and the group is apache for the file and directory. This causes PHPMyAdmin to not be able to read the configuration file. To fix this problem, use chown to change the group to the one that is running your webserver (in my case, the group is nginx). You will need to change the owner for both the directory AND configuration file (as shown below).

chown -R root.nginx /etc/phpMyAdmin/

Note that you may need to do this again if PHPMyAdmin is updated. You may also have further problems with permissions if SELinux is enabled.

Answer 3

The latest version of phpmyadmin does not create the config file after installation. There is an example config file available and an actual default config file deeper in the folder tree.

Note that the blowfish secret must be exactly 32 characters in length else it will not be applied.

Copy the example file to create the actual used file that overrides defaults. The directory shown below is just an example, therefore use the directory/path for your phpmyadmin installation that applies.

cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php

At the top of the file is the blowfish variable that needs to be set. Add 32 random characters to the variable's value and then save the file.

$cfg['blowfish_secret'] = 'KLS$vbc91Lkja$vc@opGbxA278EWopdc';

I did not read anyone mentioning the 32 character rule in this thread. Perhaps that was the issue for the OP.

Answer 4

I had

define('CONFIG_DIR', '/etc/phpmyadmin'); 

in /usr/share/phpmyadmin/libraries/vendor_config.php.

It should be:

define('CONFIG_DIR', '/etc/phpmyadmin/'); 

(forward slash added)

Answer 5

In my case, I upgraded PHPMyAdmin manually because the version in the repo did not behave well with PHP 7.2. I followed all the steps online, but had made a mistake in /usr/share/phpmyadmin/libraries/vendor_config.php.

The line: define('CONFIG_DIR', '/etc/phpmyadmin/'); was missing an / at the end. I found this out by manually editing libraries/classes/Config.php and at the beginning of function load($source) I did a die($source). There I saw that the config source was incorrect.

Answer 6

For me config.inc.php file is missing.

Copy it from config.sample.inc.php or create a new file:

<?php

/******** The Solution *******/
$cfg['blowfish_secret'] = 'type a 32 char passphrase'; 
/****************************/

$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';

Then, refresh PhpMyAdmin page twice because it is a cookie issue.

Answer 7

Follow these steps:

1) Go to /etc/httpd/conf.d/phpmyadmin.conf

• (check path of phpMyAdmin in directory tag)

2) Go to /usr/share/phpmyadmin, open conf.inc.php

3) Add value for blowfish_secret, like -

$cfg['blowfish_secret'] = 'mrgQxxk8C-y}U7ji2BO9o5jLf}Qhe-BI[~6SUa';/* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

4) Save & exit.

5) Clear browser cache

6) Try to access with url :http://yourserver.com/phpmyadmin/index.php

Answer 8

In addition to checking permissions are executable for the http (web server) group, it's worth checking that the 'open_basedir' entry in php.ini includes the directory where config.inc.php is located if it is set. This cured this issue for me.

Answer 9

Go to phpmyadmin folder >search for 'lint.php' and set the ='require_once 'libraries/config.inc.php';

It will definetly solve your problem.

If It solve your problem then thanks to me.

Answer 10

Just want to share this. put

$cfg['blowfish_secret'] = 'fill this up';

Go to phpmyadmin folder and search for lint.php

and set the

require_once 'common.inc.php';

Answer 11

If you have edited the file here : /usr/share/phpmyadmin/config.inc.php

And problem not solve, there is a possibility that you are editing wrong file. if you run whereis phpmyadmin -l that should give you list of phpmyadmin location on the server.

Why I said you may be editing wrong file is that if you install your phpmyadmin in var/www/phpmyadmin or var/www/html/phpmyadmin this is where you need to edit the phpmyadmin/config.sample.inc.php.

So try this:

$ cd var/www/html/phpmyadmin
$ cp config.sample.inc.php config.inc.php

Edit this in your way and logout and login phpmyadmin you should be fine.

Answer 12

I ensured the correct webuser was set for /var/lib/phpmyadmin when utilising phpmyadmin with virtualmin. I installed phpmyadmin manually so it could be accessed globally and not per virtualhost/domain. This /var/lib/phpmyadmin folder contained blowfish_secret.inc.php which was created via the installer I assume.

Answer 13

For those who tried:

"Set 'blowfish_secret' correctly in config.inc.php"

but not work!!!

Solution:

Check the permission of the file config.inc.php, it should be 555 for reading and also executing, by this command:

sudo chmod -R 555 /etc/phpMyAdmin

• -R: option, to grant permission for all files under `/etc/phpMyAdmin
• 1st 5: Read + Execute permission for the User.
• 2st 5: Read + Execute permission for the Group.
• 3st 5: Read + Execute permission for the others. (just for sure)

Answer 14

Adding password with 32 symbols inside brackets $cfg['blowfish_secret'] = ''; helped me for another file inside /usr/share/phpmyadmin/libraries/config.default.php

Using debian 9 + ispconfig, manually installed phpmyadmin

Answer 15

In my case it was owner/permissions issue, because I manually created symlink in one of my primary websites to point to /usr/share/phpmyadmin/ so I could access phpMyAdmin from FQDN https://myserver.mydomain.com/changedphpmyadmin instead via IP only. But doing so also changed web user; browsing via IP is different than via FQDN, if this is not default domain.

So in my case the web user of my FQDN could not read /var/lib/phpmyadmin/blowfish_secret.inc.php, so I simply changed owner of this file from root:www-data to web1:client1 in my case. Then test and reload nginx:

chown web1:client1 /var/lib/phpmyadmin/blowfish_secret.inc.php
nginx -t
systemctl reload nginx