MySQL 8.4.2
Source Code Documentation
Windows Native Authentication

Authentication::WindowsAuth:

  • The server name is authentication_windows
  • The client name is authentication_windows_client

The Windows Native Authentication method is more complex than the other methods and extends the auth protocol as it has to send more data forth and back than the old handshake permitted.

Basically it wraps the output of the [Negotiate SSP]("http://msdn.microsoft.com/en-us/library/windows/desktop/aa378748(v=VS.85).aspx") in the Auth Phase protocol which either means NTLM or SPNEGO are used as underlying protocol.

Due to the implementation details the Windows Native Authentication method doesn't use the fast path of the Connection Phase, but is only triggered on request as part of the Protocol::AuthSwitchRequest: packet.

Note
Due to implementation details (again) the first packet sent from the client to the server is expected to be either
  • 254 bytes long max or
  • send the first 254 bytes first, appended by 1 byte with a magic value plus a 2nd packet with rest of the data
Also following windows authentication packets don't get split.

The client will send either a SPNEGO or a NTLM packet as a next packet.

To implement the protocol one can use several existing implementations:

See also
win_auth_handshake_client

NTLM

Note
Removed in Windows Vista and 2008
Documented in MSDN

SPNEGO

Uses GSS-API as protocol and negotiates the proper auth-method automatically.

Tip
To decode these packets by hand you need to read: