MySQL 8.0.40
Source Code Documentation
Authentication

Topics in this section:

Authentication is implemented according to RFC; RFC 4422 (SASL):

service-name
mysql (see http://www.iana.org/assignments/gssapi-service-names/gssapi-service-names.xhtml)
mechanism-negotiation
Mysqlx::Connection::CapabilitiesGet
messages
  1. Mysqlx::Session::AuthenticateStart
  2. Mysqlx::Session::AuthenticateContinue
  3. Mysqlx::Error
  4. Mysqlx::Session::AuthenticateOk

PLAIN Authentication

PLAIN Authentication
Note
This authentication method ia avaiable only at secure-channels, like after enabling TLS

MYSQL41 Authentication

MYSQL41 authentication is:

  • supported by MySQL 4.1 and later
  • a challenge/response protocol using SHA1
  • similar to CRAM-MD5 (RFC; RFC 2195)
1. C: AuthenticateStart
2. S: challenge
3. C: [ authzid ] \0 authcid \0 response \0
4. S: AuthenticateOk
authzid
empty
authcid
user name
challenge
server side, one time random challenge
response
HEX(SHA1(password) ^ SHA1(challenge + SHA1(SHA1(password))))
MYSQL41 Authentication

SHA256_MEMORY Authentication

SHA256_MEMORY authentication is:

  • a mechanism that reaches to user that already authenticated using PLAIN method
  • a challenge/response protocol using SHA256
  • similar to MYSQL41, instead using SHA1, it uses SHA256
  • similar to CRAM-MD5 (RFC; RFC 2195)
1. C: AuthenticateStart
2. S: challenge
3. C: [ authzid ] \0 authcid \0 response \0
4. S: AuthenticateOk
authzid
empty
authcid
user name
challenge
server side, one time random challenge
response
HEX(SHA256(password) ^ SHA256(challenge + SHA256(SHA256(password))))
SHA256_MEMORY Authentication