circle-info
Webinar | The Great Database Exodus: Navigating Strategic Risk in the Post-Oracle MySQL Era
Watch Nowarrow-up-right
search
Download MariaDBContact Us

Authentication Plugin - mysql_old_password

This plugin provides backward compatibility for pre-4.1 clients using an older, insecure password hashing algorithm and should not be used for new installations.

The mysql_old_password authentication plugin is the default authentication plugin that is used for an account created when no authentication plugin is explicitly mentioned and old_passwords=1 is set. It uses the pre-MySQL 4.1 password hashing algorithm, which is also used by the OLD_PASSWORD() function and by the PASSWORD() function when old_passwords=1 is set.

triangle-exclamation

It is not recommended to use the mysql_old_password authentication plugin for new installations. The password hashing algorithm is no longer secure, and the plugin is primarily provided for backward compatibility. The ed25519 authentication plugin is a more modern authentication plugin that provides simple password authentication.

hashtag
Installing the Plugin

The mysql_old_password authentication plugin is statically linked into the server, so no installation is necessary.

hashtag
Creating Users

The easiest way to create a user account with the mysql_old_password authentication plugin is to make sure that old_passwords=1 is set, and create a user account via CREATE USER that does not specify an authentication plugin, but instead specifies a password via the IDENTIFIED BYarrow-up-right clause:

SET old_passwords=1;
CREATE USER username@hostname IDENTIFIED BY 'mariadb';

If SQL_MODE does not have NO_AUTO_CREATE_USER set, then you can also create the user via GRANT:

SET old_passwords=1;
GRANT SELECT ON db.* TO username@hostname IDENTIFIED BY 'mariadb';

You can also create the user account by providing a password hash via the IDENTIFIED BY PASSWORD clause, and MariaDB validates whether the password hash is one that is compatible with mysql_old_password:

SET old_passwords=1;
Query OK, 0 rows affected (0.000 sec)

SELECT PASSWORD('mariadb');
+---------------------+
| PASSWORD('mariadb') |
+---------------------+
| 021bec665bf663f1    |
+---------------------+
1 row in set (0.000 sec)

CREATE USER username@hostname IDENTIFIED BY PASSWORD '021bec665bf663f1';
Query OK, 0 rows affected (0.000 sec)

Similar to all other authentication plugins, you could also specify the name of the plugin in the IDENTIFIED VIA clause, while providing the password hash as the USING clause:

hashtag
Changing User Passwords

You can change a user account's password with the SET PASSWORD statement, while providing the plain-text password as an argument to the PASSWORD() function:

You can also change the user account's password with the ALTER USER statement. You have to make sure that old_passwords=1arrow-up-right is set, and you have to specify a password via the IDENTIFIED BY clause:

hashtag
Client Authentication Plugins

For clients that use the libmysqlclient or MariaDB Connector/C libraries, MariaDB provides one client authentication plugin that is compatible with the mysql_old_password authentication plugin:

  • mysql_old_password

When connecting with a client or utility to a server as a user account that authenticates with the mysql_old_password authentication plugin. You may need to tell the client where to find the relevant client authentication plugin by specifying the --plugin-dir option:

However, the mysql_old_password client authentication plugin is generally statically linked into client libraries like libmysqlclient or MariaDB Connector/C, so this is not usually necessary.

hashtag
mysql_old_password

The mysql_old_password client authentication plugin hashes the password before sending it to the server.

hashtag
Support in Client Libraries

The mysql_old_password authentication plugin is one of the conventional authentication plugins, so all client libraries should support it.

This page is licensed: CC BY-SA / Gnu FDL

spinner
PreviousAuthentication Plugin - mysql_native_passwordNextAuthentication Plugin - Named Pipe

Last updated

Was this helpful?