MySQL 8.0.40
Source Code Documentation
|
Authentication::WindowsAuth:
The Windows Native Authentication method is more complex than the other methods and extends the auth protocol as it has to send more data forth and back than the old handshake permitted.
Basically it wraps the output of the [Negotiate SSP]("http://msdn.microsoft.com/en-us/library/windows/desktop/aa378748(v=VS.85).aspx") in the Auth Phase protocol which either means NTLM or SPNEGO are used as underlying protocol.
Due to the implementation details the Windows Native Authentication method doesn't use the fast path of the Connection Phase, but is only triggered on request as part of the Protocol::AuthSwitchRequest: packet.
The client will send either a SPNEGO or a NTLM packet as a next packet.
To implement the protocol one can use several existing implementations:
Uses GSS-API as protocol and negotiates the proper auth-method automatically.