MySQL Internals Manual


14.2.3 Authentication Method Mismatch

Assume that a client wants to log in as user U and that the user account uses authentication method M. If

  1. the server's default method used to generate the authentication payload for the Initial Handshake Packet was different from M, or

  2. the method used by the client to generate the authentication reply in the Handshake Response Packet was different from M

then there is an authentication method mismatch and the authentication exchange must be restarted using the correct authentication method.

  1. The mismatch can happen even if the client and server used the same authentication method in the initial handshake, but this method was different from the method M required by the user account.

  2. In the 4.1+ server the default authentication method is always Secure Password Authentication. For the mysql client this is configurable with the --default-auth option. Note, however, that as long as the server uses Secure Password Authentication as its default method, there is no point in changing the client's default authentication method to anything else. Doing so will always lead to a method mismatch and a subsequent authentication method switch request from the server.

  3. A sensible thing for a client to do would be to look at the server's default authentication method announced in the Initial Handshake Packet and try to use the same method for generating the Handshake Response Packet. However, this behavior is not yet implemented in the current mysql client library.

If an authentication method mismatch happens, the server sends the client the Authentication Method Switch Request Packet, which contains the name of the authentication method to be used and the first authentication payload generated by the new method. The client should switch to the requested authentication method and continue the exchange as dictated by that method. If the client does not know the requested method, it should disconnect.
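The client side of the switch described above, as an added example that is not code from the MySQL client library. It assumes the payload layout given in the MySQL protocol documentation rather than on this page (a 0xFE byte, a NUL-terminated method name, then the first authentication payload), and all function names are hypothetical.

```python
import hashlib

AUTH_SWITCH_HEADER = 0xFE  # assumed first payload byte of a switch request

def native_password_reply(password: bytes, scramble: bytes) -> bytes:
    """Secure Password Authentication (mysql_native_password) reply:
    SHA1(password) XOR SHA1(scramble + SHA1(SHA1(password)))."""
    if not password:
        return b""  # an empty password is sent as an empty reply
    stage1 = hashlib.sha1(password).digest()
    stage2 = hashlib.sha1(stage1).digest()
    mask = hashlib.sha1(scramble + stage2).digest()
    return bytes(a ^ b for a, b in zip(stage1, mask))

# Methods this hypothetical client knows how to speak (name -> reply function).
# Anything not listed here is refused, so a server cannot steer the client
# into a method it was never configured to use.
KNOWN_METHODS = {"mysql_native_password": native_password_reply}

class UnknownAuthMethod(Exception):
    """The server requested a method the client does not know."""

def parse_auth_switch_request(payload: bytes):
    """Split the payload into (method name, first authentication payload)."""
    if len(payload) < 2 or payload[0] != AUTH_SWITCH_HEADER:
        raise ValueError("not an Authentication Method Switch Request")
    name, sep, data = payload[1:].partition(b"\x00")
    if not sep or not name:
        raise ValueError("method name is missing or not NUL-terminated")
    return name.decode("ascii"), data

def handle_auth_switch(payload: bytes, password: bytes) -> bytes:
    """Return the reply for the requested method; raise so the caller disconnects."""
    method, data = parse_auth_switch_request(payload)
    reply_fn = KNOWN_METHODS.get(method)
    if reply_fn is None:
        raise UnknownAuthMethod(method)
    if len(data) == 21 and data.endswith(b"\x00"):
        data = data[:-1]  # the 20-byte scramble is normally NUL-terminated
    return reply_fn(password, data)

if __name__ == "__main__":
    # Constructed sample: a switch request with a 20-byte scramble plus NUL.
    sample = b"\xfe" + b"mysql_native_password\x00" + bytes(range(1, 21)) + b"\x00"
    print(handle_auth_switch(sample, b"example-password").hex())
```

The caller should treat `UnknownAuthMethod` and `ValueError` as a signal to close the connection without sending any credential material.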