MySQL Internals Manual  /  X Protocol  /  Authentication

15.2 Authentication

Topics in this section:

Authentication is implemented according to RFC 4422 (SASL):

service-name

mysql (see http://www.iana.org/assignments/gssapi-service-names/gssapi-service-names.xhtml)

mechanism-negotiation

CapabilitiesGet

messages

  1. AuthenticateStart

  2. AuthenticateContinue

  3. Error

  4. AuthenticateOk

PLAIN Authentication

Figure 15.5 PLAIN Authentication

Image description follows.
Image description

EXTERNAL Authentication

Figure 15.6 EXTERNAL Authentication

Image description follows.
Image description

MYSQL41 Authentication

MYSQL41 authentication is:

  • supported by MySQL 4.1 and later

  • a challenge/response protocol using SHA1

  • similar to CRAM-MD5 ( RFC 2195) 

1. C:
2. S: challenge
3. C: [ authzid ] \0 authcid \0 response \0
4. S: AuthenticateOk
authzid

empty

authcid

user name

challenge

server side, one time random challenge

response

HEX(SHA1(password) ^ SHA1(challenge + SHA1(SHA1(password))))

Figure 15.7 MYSQL41 Authentication

Image description follows.
Image description


PREV   HOME   UP   NEXT