> For the complete documentation index, see [llms.txt](https://mariadb.com/docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://mariadb.com/docs/server/reference/plugins/authentication-plugins.md).

# Authentication Plugins

{% columns %}
{% column %}
{% content-ref url="/pages/Z9Kam5LPcM937beDEcKA" %}
[Pluggable Authentication Overview](/docs/server/reference/plugins/authentication-plugins/pluggable-authentication-overview.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Pluggable authentication allows MariaDB to use various authentication methods, enabling external validation, different hashing algorithms, and role-based access control.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/MePJOMOOaZt8Sq8d1jUn" %}
[Authentication Plugin - caching\_sha2\_password](/docs/server/reference/plugins/authentication-plugins/authentication-plugin-caching_sha2_password.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
MySQL-compatible caching\_sha2\_password authentication plugin, for migrating MySQL users to MariaDB without changing their passwords (migration use; PARSEC is recommended otherwise).
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/cmUeUGi2jmUfZjGY2jvy" %}
[Authentication Plugin - ed25519](/docs/server/reference/plugins/authentication-plugins/authentication-plugin-ed25519.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
The ed25519 authentication plugin provides high-security password authentication using the Elliptic Curve Digital Signature Algorithm, a modern alternative to SHA-1.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/0cVN1PzcJ0i8P7uqw5yj" %}
[Authentication Plugin - GSSAPI](/docs/server/reference/plugins/authentication-plugins/authentication-plugin-gssapi.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Complete GSSAPI authentication setup: Kerberos/SSPI single sign-on, INSTALL SONAME 'auth\_gssapi', gssapi\_keytab\_path/principal\_name, CREATE USER syntax.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/iYwOMW0WMcc0My61eODh" %}
[Authentication Plugin - mysql\_native\_password](/docs/server/reference/plugins/authentication-plugins/authentication-plugin-mysql_native_password.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Complete Authentication Plugin - mysql\_native\_password guide for MariaDB. Complete reference documentation for implementation, configuration, and usage.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/uTuBoVuSDJlMizSjbrRM" %}
[Authentication Plugin - mysql\_old\_password](/docs/server/reference/plugins/authentication-plugins/authentication-plugin-mysql_old_password.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
This plugin provides backward compatibility for pre-4.1 clients using an older, insecure password hashing algorithm and should not be used for new installations.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/GCSIVGoo4aaVDCkYqYWN" %}
[Authentication Plugin - Named Pipe](/docs/server/reference/plugins/authentication-plugins/authentication-plugin-named-pipe.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
The named\_pipe authentication plugin allows Windows users connecting via named pipes to authenticate using their operating system credentials without a password.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/uu95bZMkk1udYKhpJfXR" %}
[Authentication Plugin - PARSEC](/docs/server/reference/plugins/authentication-plugins/authentication-plugin-parsec.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
PARSEC is a modern, secure authentication plugin that uses salted passwords and elliptic curve cryptography to prevent replay attacks and secure user credentials.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/gYbiEAwmPtvnurDb3WK9" %}
[Authentication Plugin - SHA-256](/docs/server/reference/plugins/authentication-plugins/authentication-plugin-sha-256.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
The SHA-256 authentication plugin uses the SHA-256 hashing algorithm for password storage, offering stronger security than the default SHA-1 method.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/eTXrVaFqwqdEU1MXPLl7" %}
[Authentication Plugin - Unix Socket](/docs/server/reference/plugins/authentication-plugins/authentication-plugin-unix-socket.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Official Unix socket authentication: OS user login via SO\_PEERCRED/uid matching, CREATE USER IDENTIFIED VIA unix\_socket, and unix\_socket force modes.
{% endcolumn %}
{% endcolumns %}

{% columns %}
{% column %}
{% content-ref url="/pages/0vzrgN4PvT6Wk8MOxRmK" %}
[Authentication with Pluggable Authentication Modules (PAM)](/docs/server/reference/plugins/authentication-plugins/authentication-with-pluggable-authentication-modules-pam.md)
{% endcontent-ref %}
{% endcolumn %}

{% column %}
Learn about authentication with Pluggable Authentication Modules (PAM) in MariaDB Server. This section details how to integrate MariaDB with PAM for centralized and flexible user authentication.
{% endcolumn %}
{% endcolumns %}
