Authentication is implemented according to RFC 4422 (SASL):
- service-name
  - mysql (see http://www.iana.org/assignments/gssapi-service-names/gssapi-service-names.xhtml)
- mechanism-negotiation
  - Mysqlx::Connection::CapabilitiesGet
- messages
  - Mysqlx::Session::AuthenticateStart
  - Mysqlx::Session::AuthenticateContinue
  - Mysqlx::Error
  - Mysqlx::Session::AuthenticateOk
PLAIN Authentication
- Note
  - This authentication method is available only on secure channels, such as after TLS has been enabled.
MYSQL41 Authentication
MYSQL41 authentication is:
- supported by MySQL 4.1 and later
- a challenge/response protocol using SHA1
- similar to CRAM-MD5 (RFC 2195)
1. C: AuthenticateStart
2. S: challenge
3. C: [ authzid ] \0 authcid \0 response \0
4. S: AuthenticateOk
- authzid
  - empty
- authcid
  - user name
- challenge
  - server-side, one-time random challenge
- response
  - HEX(SHA1(password) ^ SHA1(challenge + SHA1(SHA1(password))))
SHA256_MEMORY Authentication
SHA256_MEMORY authentication is:
- a mechanism available to users who have already authenticated using the PLAIN method
- a challenge/response protocol using SHA256
- similar to MYSQL41, but using SHA256 instead of SHA1
- similar to CRAM-MD5 (RFC 2195)
1. C: AuthenticateStart
2. S: challenge
3. C: [ authzid ] \0 authcid \0 response \0
4. S: AuthenticateOk
- authzid
  - empty
- authcid
  - user name
- challenge
  - server-side, one-time random challenge
- response
  - HEX(SHA256(password) ^ SHA256(challenge + SHA256(SHA256(password))))
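
The MYSQL41 and SHA256_MEMORY exchanges above differ only in the hash function, so this added example (not code from MySQL) computes the step 3 response for both and shows a server-side check that rejects a wrong password and a response replayed against a fresh challenge. Assumptions: the server holds only H(H(password)), the challenge is 20 random bytes, and the user name `alice` and the passwords are constructed sample values.

```python
import hashlib
import hmac
import secrets

def _h(algo: str, data: bytes) -> bytes:
    return hashlib.new(algo, data).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def client_response(password: bytes, challenge: bytes, algo: str = "sha1") -> str:
    """HEX(H(password) ^ H(challenge + H(H(password)))), H = SHA1 or SHA256."""
    stage1 = _h(algo, password)
    return _xor(stage1, _h(algo, challenge + _h(algo, stage1))).hex().upper()

def auth_data(authcid: str, response: str, authzid: str = "") -> bytes:
    """Step 3 payload: [ authzid ] \\0 authcid \\0 response \\0."""
    return b"\0".join([authzid.encode(), authcid.encode(), response.encode(), b""])

def server_verify(stored: bytes, challenge: bytes, data: bytes, algo: str = "sha1") -> bool:
    """Assumption: the server holds only stored = H(H(password))."""
    parts = data.split(b"\0")
    if len(parts) != 4 or parts[3] != b"":
        return False
    try:
        masked = bytes.fromhex(parts[2].decode("ascii"))
    except ValueError:  # non-hex or non-ASCII response
        return False
    if len(masked) != len(stored):
        return False
    # Unmasking yields H(password) only if the client knew the password.
    candidate = _xor(masked, _h(algo, challenge + stored))
    return hmac.compare_digest(_h(algo, candidate), stored)

def demo(algo: str) -> tuple:
    password = b"constructed-password"          # constructed sample value
    stored = _h(algo, _h(algo, password))
    challenge = secrets.token_bytes(20)          # assumed challenge length
    msg = auth_data("alice", client_response(password, challenge, algo))
    bad = auth_data("alice", client_response(b"wrong-guess", challenge, algo))
    return (server_verify(stored, challenge, msg, algo),                # correct password
            server_verify(stored, secrets.token_bytes(20), msg, algo),  # replay, new challenge
            server_verify(stored, challenge, bad, algo))                # wrong password

if __name__ == "__main__":
    for algo in ("sha1", "sha256"):
        print(algo, demo(algo))
```

The replay case fails because the mask depends on the challenge, which is why the challenge must be random and used only once.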