MySQL 8.0.39
Source Code Documentation
|
Plugin caching_sha2_password works in two phases.
If server has cached hash entry for given user in memory, it uses scramble sent by client to perform fast authentication. If it is a success, authentication is done and connection will move to command phase. If there is an error, server will signal client to switch to full authentication that involves sending password over a secure connection server. Server then verifies password against authentication_string for given user account. If it is a success, server caches hash entry for the account and connection enters command phase. If there is an error, server sends error information to client and connection is terminated.
Following section describes state transitions and message exchanges between server and client.
Note that there are additional sanity checks performed by server and client at various steps. Such steps may result into end of communication by either party. However, such sanity checks are not covered in the diagram below.
Legends