MySQL 8.3 Release Notes
MySQL includes a mysql_native_password plugin
that implements native authentication; that is, authentication
based on the password hashing method in use from before the
introduction of pluggable authentication.
Note
The mysql_native_password authentication
plugin is deprecated and subject to removal in a future
version of MySQL.
The following table shows the plugin names on the server and client sides.
Table 8.16 Plugin and Library Names for Native Password Authentication
| Plugin or File | Plugin or File Name |
|---|---|
| Server-side plugin | mysql_native_password |
| Client-side plugin | mysql_native_password |
| Library file | None (plugins are built in) |
The following sections provide installation and usage information specific to native pluggable authentication:
For general information about pluggable authentication in MySQL, see Section 8.2.17, “Pluggable Authentication”.
The mysql_native_password plugin exists in
server and client forms:
The server-side plugin is built into the server, need not be loaded explicitly, and cannot be disabled by unloading it.
The client-side plugin is built into the
libmysqlclientclient library and is available to any program linked againstlibmysqlclient.
MySQL client programs use
mysql_native_password by default. The
--default-auth option can be
used as a hint about which client-side plugin the program can
expect to use:
$> mysql --default-auth=mysql_native_password ...
As a built-in plugin, the
mysql_native_password server-side plugin
installs and loads by default, although it is not the default
password mechanism for performing authentication. The
--
option permits disabling the plugin at server startup.
plugin_name[=activation_state]
$> mysqld --mysql_native_password=OFF ...
In the previous example, the
activation_state value
OFF is equivalent to off
or 0. If a DBA disables the plugin at
server startup, all of the operations that depend on the
plugin are inaccessible. Specifically:
Defined user accounts that authenticate with
mysql_native_passwordencounter an error when they attempt to connect.$> MYSQL -u userx -p ERROR 1045 (28000): Access denied for user 'userx'@'localhost' (using password: NO)The server writes these errors to the server log.
Attempts to create a new user account or to alter an existing user account identified with
mysql_native_passwordalso fail and emit an error.mysql> CREATE USER userxx@localhost IDENTIFIED WITH 'mysql_native_password'; ERROR 1524 (HY000): Plugin 'mysql_native_password' is not loaded mysql> ALTER USER userxy@localhost IDENTIFIED WITH 'mysql_native_password; ERROR 1524 (HY000): Plugin 'mysql_native_password' is not loaded
To enable the plugin after disabling it, restart the server
without specifying the
--
option. Optionally,
plugin_name[=activation_state]activation_state values
ON, on, or
1 also enable the plugin if used at
startup.