Authentication Plugin - mysql_old_password
The mysql_old_password
authentication plugin is the default authentication plugin that will be used for an account created when no authentication plugin is explicitly mentioned and old_passwords=1
is set. It uses the pre-MySQL 4.1 password hashing algorithm, which is also used by the OLD_PASSWORD()
function and by the PASSWORD()
function when old_passwords=1
is set.
Contents
Installing the Plugin
The mysql_old_password
authentication plugin is statically linked into the server, so no installation is necessary.
Creating Users
It is not recommended to create new users with the mysql_old_password
authentication plugin. The password hashing algorithm is no longer secure, and the plugin is primarily provided for backward-compatibility.
The easiest way to create a user with the mysql_old_password
authentication plugin is to make sure that old_passwords=1
is set, and then create a user account that does not specify an authentication plugin. For example:
SET old_passwords=1; CREATE USER username@hostname IDENTIFIED BY 'mariadb';
If SQL_MODE
does not have NO_AUTO_CREATE_USER
set, then you can also create the user via GRANT
. For example:
GRANT SELECT ON db.* TO username@hostname IDENTIFIED BY 'mariadb';
Similar to all other authentication plugins, you could also specify the name of the plugin in the IDENTIFIED VIA
clause while providing the password hash as the USING
clause. For example:
SET old_passwords=1; Query OK, 0 rows affected (0.000 sec) SELECT PASSWORD('mariadb'); +---------------------+ | PASSWORD('mariadb') | +---------------------+ | 021bec665bf663f1 | +---------------------+ 1 row in set (0.000 sec) CREATE USER username@hostname IDENTIFIED VIA mysql_old_password USING '021bec665bf663f1'; Query OK, 0 rows affected (0.000 sec)