Authentication is implemented according to RFC 4422 (SASL):
- service-name
mysql (see http://www.iana.org/assignments/gssapi-service-names/gssapi-service-names.xhtml)
- mechanism-negotiation
- messages
MYSQL41 authentication is:
- supported by MySQL 4.1 and later
- a challenge/response protocol using SHA1
- similar to CRAM-MD5 (RFC 2195)
1. C:
2. S: challenge
3. C: [ authzid ] \0 authcid \0 response \0
4. S: AuthenticateOk
- authzid
empty
- authcid
user name
- challenge
one-time random challenge generated by the server
- response
HEX(SHA1(password) ^ SHA1(challenge + SHA1(SHA1(password))))
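
The exchange above, worked through on both sides as an added example (not code from the original page or from MySQL). It assumes the server keeps SHA1(SHA1(password)) per account, as mysql_native_password does, and that the response is uppercase hex; the function names and the sample account are hypothetical and constructed.

```python
import hashlib
import hmac
import os

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def client_response(password: bytes, challenge: bytes) -> str:
    """HEX(SHA1(password) ^ SHA1(challenge + SHA1(SHA1(password))))"""
    stage1 = sha1(password)
    mask = sha1(challenge + sha1(stage1))
    return xor(stage1, mask).hex().upper()

def build_client_message(authcid: str, response: str, authzid: str = "") -> bytes:
    """Step 3: [ authzid ] \\0 authcid \\0 response \\0 (authzid is empty)."""
    return b"\0".join([authzid.encode(), authcid.encode(), response.encode(), b""])

def server_verify(message: bytes, challenge: bytes, stored: dict) -> bool:
    """Check a step-3 message against stored SHA1(SHA1(password)) values."""
    parts = message.split(b"\0")
    if len(parts) != 4 or parts[3] != b"":
        return False  # malformed: wrong number of NUL-terminated fields
    authcid, response = parts[1], parts[2]
    double_hash = stored.get(authcid.decode(errors="replace"))
    try:
        raw = bytes.fromhex(response.decode("ascii"))
    except (UnicodeDecodeError, ValueError):
        return False  # response is not valid hex
    if double_hash is None or len(raw) != hashlib.sha1().digest_size:
        return False
    # Undo the XOR mask to get the candidate SHA1(password), then re-hash it.
    candidate = xor(raw, sha1(challenge + double_hash))
    return hmac.compare_digest(sha1(candidate), double_hash)

if __name__ == "__main__":
    # Constructed sample account and password, for illustration only.
    stored = {"alice": sha1(sha1(b"constructed-password"))}
    challenge = os.urandom(20)  # step 2: one-time random challenge
    msg = build_client_message("alice", client_response(b"constructed-password", challenge))
    print("accepted with matching challenge:", server_verify(msg, challenge, stored))
    # The same message is rejected once the server issues a fresh challenge.
    print("accepted with fresh challenge:", server_verify(msg, os.urandom(20), stored))
```

The response is only bound to the session through the challenge, so the server must never reuse a challenge value: a captured step-3 message verifies again against the same challenge.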