Authentication Plugin - SHA-256
Contents
MySQL 5.6 added support for the sha256_password
authentication plugin, and MySQL 8.0 also added support for the caching_sha2_password
authentication plugin. MariaDB Server does not currently support either of these authentication plugins.
The main reasons we have not added support for either of these protocols in the MariaDB server (the MariaDB Connector/C supports them to enable one to use them to connect them to MySQL) are:
- To use the protocol, one has to distribute the servers public key to all MariaDB users, which can be cumbersome and unpractical.
- The server gets the password in clear text which can cause problems if the users is convinced to connects to a malicious server.
Client-Side Support
On the client side, MariaDB Connector/C added support for both the sha256_password
and caching_sha2_password
authentication plugins. Therefore, clients that use MariaDB Connector/C can authenticate with MySQL Server installations that use these authentication plugins.
See CONC-229 and CONC-312 for more information.
See also
- MDEV-9804 contains the plans to use if we ever decide to support these protocols.
- History of MySQL and MariaDB authentication protocols