Documentation Home
Connectors and APIs Manual
Download this Manual
PDF (US Ltr) - 4.1Mb
PDF (A4) - 4.1Mb


5.5.9 Authentication Options

Connector/ODBC supports different authentication methods, including:

  • Standard authentication using a MySQL username and password, such as caching_sha2_password.

  • The Kerberos authentication protocol for passwordless authentication. For more information about Kerberos authentication, see Kerberos Pluggable Authentication.

    Support added in Connector/ODBC 8.0.26 for Linux clients, and 8.0.27 for Windows clients.

  • Multi-Factor Authentication (MFA) by utilizing the PASSWORD1 (alias of PASSWORD), PASSWORD2, and PASSWORD3 connection options. In addition there are PWD1, PWD2, and PWD3 aliases.

    Support added in Connector/ODBC 8.0.28.

  • FIDO-based authentication is supported and Connector/ODBC supports both MySQL Enterprise Edition FIDO-based authentication plugins: WebAuthn Pluggable Authentication and the deprecated FIDO Pluggable Authentication plugin. See the general WebAuthn Pluggable Authentication documentation for installation requirements and implementation details.

    Note

    Support for the now deprecated authentication_fido plugin was added in Connector/ODBC 8.0.29, with callback support added in 8.0.30. Support for the authentication_webauthn plugin was added in Connector/ODBC 8.2.0.

    These same client-side constants set callbacks for both the authentication_fido (deprecated) and authentication_webauthn authentication plugins. Callback support:

    // SQL_DRIVER_CONNECT_ATTR_BASE is not defined in all driver managers.
    // Therefore use a custom constant until it becomes a standard.
    #define MYSQL_DRIVER_CONNECT_ATTR_BASE 0x00004000
    // Custom constants used for callback
    #define CB_FIDO_GLOBAL MYSQL_DRIVER_CONNECT_ATTR_BASE + 0x00001000
    #define CB_FIDO_CONNECTION MYSQL_DRIVER_CONNECT_ATTR_BASE + 0x00001001
    // Usage example
    // Callback function inside code:
    void user_callback(const char* msg)
    {
       // Do something ...
    }
    SQLHENV henv = nullptr;
    SQLAllocHandle(SQL_HANDLE_ENV, nullptr, &henv);
    // Set the ODBC version to 3.80 otherwise the custom constants don't work
    SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION,                               
    (SQLPOINTER)SQL_OV_ODBC3_80, 0);
    SQLHDBC hdbc = nullptr;
    SQLAllocHandle(SQL_HANDLE_DBC, henv, &hdbc);
    // CB_FIDO_X is either CB_FIDO_GLOBAL or CB_FIDO_CONNECTION
    SQLSetConnectAttr(hdbc, CB_FIDO_X, &user_callback, SQL_IS_POINTER);
    SQLDriverConnect(hdbc, hwnd, conn_str, ....);