# COM\_CHANGE\_USER `COM_CHANGE_USER` resets the connection and re-authenticates with the given credentials. The packet is identical to the authentication packet in the connection handshake. ## Fields * [int<1>](https://mariadb.com/docs/server/reference/protocol-data-types#fixed-length-integers) `0x11` : `COM_CHANGE_USER` header. * [string\](https://mariadb.com/docs/server/reference/protocol-data-types#null-terminated-strings) username. * If (`server_capabilities` & `CLIENT_SECURE_CONNECTION`): * [int<1>](https://mariadb.com/docs/server/reference/protocol-data-types#fixed-length-integers) length of authentication response. * string authentication response. * Else: * [string\](https://mariadb.com/docs/server/reference/protocol-data-types#null-terminated-strings) authentication response. * [string\](https://mariadb.com/docs/server/reference/protocol-data-types#null-terminated-strings) default schema name. * [int<2>](https://mariadb.com/docs/server/reference/protocol-data-types#fixed-length-integers) client character collation. * If (`server_capabilities` & `CLIENT_PLUGIN_AUTH`): * [string\](https://mariadb.com/docs/server/reference/protocol-data-types#null-terminated-strings) authentication plugin name. * If (`server_capabilities` & `CLIENT_CONNECT_ATTRS`): * [int\](https://mariadb.com/docs/server/reference/protocol-data-types#length-encoded-integers) size of connection attributes. * Loop: * [string\](https://mariadb.com/docs/server/reference/protocol-data-types#length-encoded-strings) key. * [string\](https://mariadb.com/docs/server/reference/protocol-data-types#length-encoded-strings) value. ## Response Server response is like [connection authentication](https://mariadb.com/docs/server/reference/clientserver-protocol/1-connecting/connection) : * An `OK` packet in case of success [OK\_Packet](https://mariadb.com/docs/server/reference/clientserver-protocol/4-server-response-packets/ok_packet). * An error packet in case of error [ERR\_Packet](https://mariadb.com/docs/server/reference/clientserver-protocol/4-server-response-packets/err_packet). * Authentication switch: * If the client or server doesn't have `PLUGIN_AUTH` capability: * Server sends `0xFE` byte. * Client sends `old_password`. * Else: * Server sends [Authentication switch request](#authentication-switch-request). * Client may have many exchanges with the server according to the [Plugin](#plugin-list). * Authentication switch ends with server sending either [OK\_Packet](https://mariadb.com/docs/server/reference/clientserver-protocol/4-server-response-packets/ok_packet) or [ERR\_Packet](https://mariadb.com/docs/server/reference/clientserver-protocol/4-server-response-packets/err_packet). If the authentication fails more than three times, all future `COM_CHANGE_USER` commands on the connection will return the `#08S01 Unknown command` error. This is an anti-brute-force mechanism designed to prevent rapid guessing of passwords. *This page is licensed: CC BY-SA / Gnu FDL* {% @marketo/form formId="4316" %}