Documentation Home
MySQL Internals Manual

MySQL Internals Manual  /  ...  /  Windows Native Authentication

14.3.5 Windows Native Authentication





The Windows Native Authentication method is more complex than the other methods and extends the auth protocol as it has to send more data forth and back than the old handshake permitted.

Basically it wraps the output of the Negotiate SSP in the Auth Phase protocol which either means NTLM or SPNEGO are used as underlying protocol.

Due to the implementation details the Windows Native Authentication method doesn't use the fast path of the Connection Phase, but is only triggered on request as part of the Authentication Method Switch Request Packet.


Due to implementation details (again) the first packet sent from the client to the server is expected to be either

  • 254 bytes long max or

  • send the first 254 bytes first, appended by 1 byte with a magic value plus a 2nd packet with rest of the data

All following win-auth-packets don't get split.

The client will either send a SPNEGO or NTLM packet as next packet.

To implement the protocol several implementations exist: