Documentation Home
MySQL Internals Manual
Download this Manual
EPUB - 1.2Mb


MySQL Internals Manual  /  ...  /  COM_CHANGE_USER and Non-CLIENT_PLUGIN_AUTH Clients

14.2.4.1 COM_CHANGE_USER and Non-CLIENT_PLUGIN_AUTH Clients

Clients which do not support pluggable authentication can send COM_CHANGE_USER command for accounts which use Secure Password Authentication or Old Password Authentication. In this case it is assumed that server has already sent the authentication challenge - the same which was sent when the client connected for the first time - and client's reply to that challenge, i.e. the hash of the new password, should be sent in the auth-response field of COM_CHANGE_USER packet.

  1. the client sends COM_CHANGE_USER packet with authentication response (hash of a password) for Secure Password Authentication (post 4.1 clients) or Old Password Authentication (pre 4.1 clients) method.

  2. the server responds with OK_Packet and returns to command phase or with ERR_Packet and closes the connection.

As during normal connection, it is also possible that a post 4.1 client which does not support pluggable authentication connects to an account which uses Old Password Authentication. In that case server will send Old Authentication Method Switch Request Packet and expect client to reply with Old Handshake Response Packet.

  1. the client sends COM_CHANGE_USER packet with response for Secure Password Authentication method

  2. the server replies with Old Authentication Method Switch Request Packet (0xFE byte)

  3. the client sends response again, this time in the form required by Old Password Authentication method

  4. the server responds with OK_Packet and returns to command phase or ERR_Packet and closes the connection.


User Comments
Sign Up Login You must be logged in to post a comment.