WL#12694: Deprecate the non-caching sha256 authentication plugin
Affects: Server-8.0 — Status: Complete — Priority: Medium
Caching SHA-2 Pluggable Authentication is a superset of SHA-256 Pluggable Authentication. As such (and also because it's now the new default authentication method) it doesn't make sense to keep sha-256 anymore. This worklog is about deprecating sha256 as both a server side authentication plugin (a deprecation warning will be issued when used) and as a client side authentication plugin (since the libmysql client library cannot generate warnings by itself it'll be a documentation only add-on).
Caching SHA-2 authentication plug-in uses caching on the server side for better performance and has additional features for wider applicability. Caching SHA-2 authentication plug-in is a super set of SHA-256 authentication plug-in. SHA-256 authentication plug-in will be deprecated. MySQL server will give deprecate message when SHA-256 authentication method is used. FR 1.1: MySQL server will give deprecate message in the server log when user with SHA-256 authentication method try to authenticate. FR 1.2: MySQL server will give deprecate message in the server log when CREATE/ALTER USER with sha256_password SQL command is used. NFR 1: For MySQL clients, SHA-256 authentication method deprecate message will be documented. NFR 2: None of the sha256_password deprecate message will be shown in the MySQL console.
Copyright (c) 2000, 2019, Oracle Corporation and/or its affiliates. All rights reserved.