MySQL  8.0.20
Source Code Documentation
Authentication

Topics in this section:

Authentication is implemented according to RFC; RFC 4422 (SASL):

service-name
mysql (see http://www.iana.org/assignments/gssapi-service-names/gssapi-service-names.xhtml)
mechanism-negotiation
CapabilitiesGet
messages
  1. AuthenticateStart
  2. AuthenticateContinue
  3. Error
  4. AuthenticateOk

PLAIN Authentication

PLAIN Authentication

EXTERNAL Authentication

EXTERNAL Authentication

MYSQL41 Authentication

MYSQL41 authentication is:

  • supported by MySQL 4.1 and later
  • a challenge/response protocol using SHA1
  • similar to CRAM-MD5 (RFC; RFC 2195)
1. C:
2. S: challenge
3. C: [ authzid ] \0 authcid \0 response \0
4. S: AuthenticateOk
authzid
empty
authcid
user name
challenge
server side, one time random challenge
response
HEX(SHA1(password) ^ SHA1(challenge + SHA1(SHA1(password))))
MYSQL41 Authentication