MySQL includes two plugins that implement native authentication;
that is, authentication based on the password hashing methods in
use from before the introduction of pluggable authentication.
This section describes
which implements authentication against the
mysql.user table using the older (pre-4.1)
native password hashing method. For information about
mysql_native_password, which implements
authentication using the native password hashing method, see
Section 126.96.36.199, “Native Pluggable Authentication”. For
information about these password hashing methods, see
Section 188.8.131.52, “Password Hashing in MySQL”.
Passwords that use the pre-4.1 hashing method are less secure than passwords that use the native password hashing method and should be avoided.
mysql_old_password native authentication
plugin is backward compatible. Older clients that do not support
authentication plugins do use the native
authentication protocol, so they can
connect to servers that support pluggable authentication.
The following table shows the plugin names on the server and client sides.
Table 6.10 Plugin and Library Names for Old Native Password Authentication
|Server-side plugin name|
|Client-side plugin name|
|Library file name||None (plugins are built in)|
The following sections provide installation and usage information specific to old native pluggable authentication:
For general information about pluggable authentication in MySQL, see Section 6.3.6, “Pluggable Authentication”.
mysql_old_password plugin exists in
server and client forms:
The server-side plugin is built into the server, need not be loaded explicitly, and cannot be disabled by unloading it.
The client-side plugin is built into the
libmysqlclientclient library and available to any program linked against
MySQL client programs can use the
--default-auth option to specify
mysql_old_password plugin as a hint
about which client-side plugin the program can expect to use:
shell> mysql --default-auth=mysql_old_password ...
If an account row specifies no plugin name, the server
authenticates the account using either the
mysql_old_password plugin, depending on
whether the password hash value in the
Password column used native hashing or the
older pre-4.1 hashing method. Clients must match the password
Password column of the account row.