MySQL includes two plugins that implement native authentication;
that is, authentication against passwords stored in the
Password column of the
mysql.user table. This section describes
mysql_native_password, which implements
authentication against the
using the native password hashing method. For information about
mysql_old_password, which implements
authentication using the older (pre-4.1) password hashing
method, see Section 7.1.2, “The Old Native Authentication Plugin”.
For information about these password hashing methods, see
Section 2.2.4, “Password Hashing in MySQL”.
authentication plugin is backward compatible. Clients older than
MySQL 5.5.7 do not support authentication
plugins but do use the native
authentication protocol, so they can
connect to servers from MySQL 5.5.7 and up.
The following table shows the plugin names on the server and client sides.
Table 7.1 MySQL Native Password Authentication Plugin
|Server-side plugin name|
|Client-side plugin name|
|Library file name||None (plugins are built in)|
The plugin exists in both client and server form:
The server-side plugin is built into the server, need not be loaded explicitly, and cannot be disabled by unloading it.
The client-side plugin is built into the
libmysqlclientclient library as of MySQL 5.5.7 and available to any program linked against
libmysqlclientfrom that version or higher.
MySQL client programs use
mysql_native_passwordby default. The
--default-authoption can be used as a hint about which client-side plugin the program can expect to use:
mysql --default-auth=mysql_native_password ...
If an account row specifies no plugin name, the server
authenticates the account using either the
mysql_old_password plugin, depending on
whether the password hash value in the
Password column used native hashing or the
older pre-4.1 hashing method. Clients must match the password in
Password column of the account row.
For general information about pluggable authentication in MySQL, see Section 5.7, “Pluggable Authentication”.