The first part of this section describes general restrictions on the applicability of the pluggable authentication framework described at Section 6.3.6, “Pluggable Authentication”. The second part describes how third-party connector developers can determine the extent to which a connector can take advantage of pluggable authentication capabilities and what steps to take to become more compliant.
The term “native authentication” used here refers to
authentication against passwords stored in the
Password column of the
mysql.user table. This is the same
authentication method provided by older MySQL servers, before
pluggable authentication was implemented. It remains the default
method, although now it is implemented using plugins.
“Windows native authentication” refers to
authentication using the credentials of a user who has already
logged in to Windows, as implemented by the Windows Native
Authentication plugin (“Windows plugin” for short).
Connector/C, Connector/C++: Clients that use these connectors can connect to the server only through accounts that use native authentication.
Exception: A connector supports pluggable authentication if it
was built to link to libmysql dynamically
(rather than statically) and it loads the current version of
libmysql if that version is installed, or
if the connector is recompiled from source to link against the
current libmysql.
Connector/J: Clients that use this connector can connect to the server only through accounts that use native authentication.
Connector/Net: Before Connector/Net 6.4.4, clients that use this connector can connect to the server only through accounts that use native authentication. As of 6.4.4, clients can also connect to the server through accounts that use the Windows plugin.
Connector/ODBC: Before
Connector/ODBC 3.51.29 and 5.1.9, clients that use this
connector can connect to the server only through accounts that
use native authentication. As of 3.51.29 and 5.1.9, clients
that use binary releases of this connector for Windows can
also connect to the server through accounts that use the PAM
or Windows plugins. (These capabilities result from linking
the Connector/ODBC binaries against the MySQL 5.5.16
libmysql rather than the MySQL 5.1
libmysql used previously. The newer
libmysql includes the client-side support
needed for the server-side PAM and Windows authentication
plugins.)
Connector/PHP: Clients that
use this connector can connect to the server only through
accounts that use native authentication, when compiled using
the MySQL native driver for PHP (mysqlnd).
MySQL Proxy: Before MySQL Proxy 0.8.2, clients can connect to the server only through accounts that use native authentication. As of 0.8.2, clients can also connect to the server through accounts that use the PAM plugin. As of 0.8.3, clients can also connect to the server through accounts that use the Windows plugin.
MySQL Enterprise Backup: MySQL Enterprise Backup before version 3.6.1 supports connections to the server only through accounts that use native authentication. As of 3.6.1, MySQL Enterprise Backup can connect to the server through accounts that use nonnative authentication.
Windows native authentication: Connecting through an account that uses the Windows plugin requires Windows Domain setup. Without it, NTLM authentication is used and then only local connections are possible; that is, the client and server must run on the same computer.
Proxy users: Proxy user support is available to the extent that clients can connect through accounts authenticated with plugins that implement proxy user capability (that is, plugins that can return a user name different from that of the connecting user). For example, the native authentication plugins do not support proxy users, whereas the PAM and Windows plugins do.
Replication: Before MySQL
5.6.4, replication slaves can connect to the master server
only through master accounts that use native authentication.
As of 5.6.4, replication slaves can also connect through
master accounts that use nonnative authentication if the
required client-side plugin is available. If the plugin is
built into libmysql, it is available by
default. Otherwise, the plugin must be installed on the slave
side in the directory named by the slave
plugin_dir system variable.
FEDERATED
tables: A FEDERATED
table can access the remote table only through accounts on the
remote server that use native authentication.
Third-party connector developers can use the following guidelines to determine readiness of a connector to take advantage of pluggable authentication capabilities and what steps to take to become more compliant:
An existing connector to which no changes have been made uses native authentication and clients that use the connector can connect to the server only through accounts that use native authentication. However, you should test the connector against a recent version of the server to verify that such connections still work without problem.
Exception: A connector might work with pluggable
authentication without any changes if it links to
libmysql dynamically (rather than
statically) and it loads the current version of
libmysql if that version is installed.
To take advantage of pluggable authentication capabilities, a
connector that is libmysql-based should be
relinked against the current version of
libmysql. This enables the connector to
support connections through accounts that require client-side
plugins now built into libmysql (such as
the clear-text plugin needed for PAM authentication and the
Windows plugin needed for Windows native authentication).
Linking with a current libmysql also
enables the connector to access client-side plugins installed
in the default MySQL plugin directory (typically the directory
named by the default value of the local server's
plugin_dir system variable).
If a connector links to libmysql
dynamically, make sure that the newer version of
libmysql is installed on the client host
and that the connector loads it at runtime.
Another way for a connector to support a given authentication method is to implement it directly in the client/server protocol. Connector/Net uses this approach to provide support for Windows native authentication.
If a connector should be able to load client-side plugins from
a directory different from the default plugin directory, it
must implement some means for client users to specify the
directory. Possibilities for this include a command-line
option or environment variable from which the connector can
obtain the directory name. Standard MySQL client programs such
as mysql and mysqladmin
implement a --plugin-dir option. See also
Section 21.8.10, “C API Client Plugin Functions”.
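As an added example (not code from the MySQL manual or from any connector), here is one way a libmysql-based connector could take the plugin directory from an option or an environment variable and pass it to mysql_options() with MYSQL_PLUGIN_DIR. The variable name MYCONNECTOR_PLUGIN_DIR, the function names, and the ownership and permission check on the directory are assumptions of this example; the path check is POSIX-only, and the libmysql call is compiled only when USE_LIBMYSQL is defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef USE_LIBMYSQL  /* build with -DUSE_LIBMYSQL against the MySQL C API */
#include <mysql.h>
#endif

/* Hypothetical environment variable name, chosen for this example. */
#define PLUGIN_DIR_ENV "MYCONNECTOR_PLUGIN_DIR"

/* Added check (an assumption of this example, not a MySQL requirement):
 * client plugins are shared objects loaded into the client process, so accept
 * only an absolute directory that other local accounts cannot write to. */
int plugin_dir_ok(const char *dir)
{
    struct stat st;
    if (dir == NULL || dir[0] != '/' || stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;                       /* unset, relative, missing, not a directory */
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return 0;                       /* owned by some other account */
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;                       /* group or others could add a plugin */
    return 1;
}

/* Explicit option value first, then the environment variable. Returns NULL
 * when neither names an acceptable directory, leaving the default in use. */
const char *choose_plugin_dir(const char *option_value)
{
    const char *dir = option_value ? option_value : getenv(PLUGIN_DIR_ENV);
    return plugin_dir_ok(dir) ? dir : NULL;
}

#ifdef USE_LIBMYSQL
/* Call after mysql_init() and before mysql_real_connect().
 * Returns 1 only if a directory was accepted and set on the handle. */
int apply_plugin_dir(MYSQL *conn, const char *option_value)
{
    const char *dir = choose_plugin_dir(option_value);
    return dir != NULL && mysql_options(conn, MYSQL_PLUGIN_DIR, dir) == 0;
}
#endif

int main(int argc, char **argv)
{
    const char *dir = choose_plugin_dir(argc > 1 ? argv[1] : NULL);
    printf("plugin directory: %s\n", dir ? dir : "(default)");
    return 0;
}
```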
Proxy user support by a connector depends, as described earlier in this section, on whether the authentication methods that it supports permit proxy users.
