Authentication Plugins
When a user attempts to log in, the authentication plugin controls how MariaDB Server determines whether the connection is from a legitimate user.
When creating or altering a user account with the GRANT, CREATE USER or ALTER USER statements, you can specify the authentication plugin you want the user account to use by providing the IDENTIFIED VIA clause. By default, when you create a user account without specifying an authentication plugin, MariaDB uses the mysql_native_password plugin.
From MariaDB 10.4:
- One can specify multiple authentication plugins for each user account.
- The
root@localhostuser created by mariadb-install-db is created with the ability to use two authentication plugins. First, it is configured to try to use the unix_socket authentication plugin. This allows the theroot@localhostuser to login without a password via the local Unix socket file defined by the socket system variable, as long as the login is attempted from a process owned by the operating systemrootuser account. Second, if authentication fails with the unix_socket authentication plugin, then it is configured to try to use the mysql_native_password authentication plugin. However, an invalid password is initially set, so in order to authenticate this way, a password must be set with SET PASSWORD.
-
Pluggable Authentication Overview
The authentication of users is delegated to plugins. -
Authentication Plugin - mysql_native_password
Uses the password hashing algorithm introduced in MySQL 4.1. -
Authentication Plugin - mysql_old_password
The mysql_old_password authentication plugin uses the pre-MySQL 4.1 password hashing algorithm. -
Authentication Plugin - ed25519
Uses the Elliptic Curve Digital Signature Algorithm to securely store users' passwords. -
Authentication Plugin - GSSAPI
The gssapi authentication plugin uses the GSSAPI interface to authenticate with Kerberos or NTLM. -
Authentication with Pluggable Authentication Modules (PAM)
Uses the Pluggable Authentication Module (PAM) framework to authenticate MariaDB users. -
Authentication Plugin - Unix Socket
Uses the user name that owns the process connected to MariaDB's unix socket file. -
Authentication Plugin - Named Pipe
Uses the user name that owns the process connected to MariaDB's named pipe on Windows. -
Authentication Plugin - SHA-256
MySQL supports the sha256_password and caching_sha2_password authentication plugins. -
Authentication Plugin - PARSEC
The PARSEC Authentication Plugin was introduced in MariaDB 11.6
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.
