Authentication with `sha256_password` for MariaDB Xpand

This page is part of MariaDB's Documentation.

The parent of this page is: Authentication for MariaDB Xpand

Topics on this page:

Overview
Compatibility
Create
Switch to sha256_password
Use sha256_password without TLS/SSL

Overview

MariaDB Xpand supports the sha256_password authentication plugin.

Compatibility

MariaDB Xpand 5.3
MariaDB Xpand 6.0
MariaDB Xpand 6.1

Create

To create a database user account that uses the sha256_password authentication method, specify the method in the CREATE USER statement:

CREATE USER 'USER'@'192.0.2.%'
   IDENTIFIED WITH sha256_password BY 'PASSWD';

Switch to `sha256_password`

If a database user account is configured to use the mysql_native_password authentication method, the ALTER USER statement can switch the user account to the sha256_password authentication method:

ALTER USER 'USER'@'192.0.2.%'
   IDENTIFIED WITH sha256_password BY 'PASSWD';

Use `sha256_password` without TLS/SSL

To use SHA256 passwords without TLS/SSL:

Generate public and private RSA keys
Set the following global variables with the paths to the keys:

SET GLOBAL sha256_password_public_key_path = 'path_to_public_key.pem';
SET GLOBAL sha256_password_private_key_path = 'path_to_private_key.pem';

Direct the cluster to load the keys:

ALTER CLUSTER RELOAD RSA;

Authentication with sha256_password for MariaDB Xpand