Details
-
Task
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
2.3.0
-
None
Description
MySQL 8.0 introduced a new authentication plugin "caching_sha2_password" plugin, which is enabled by default and will be used as standard plugin:
Workflow:
1) Server sends scramble packet
2) Clients generates a sha256 hashed authentication string with the following mechanism:
digest1= sha256(password)
digest2= sha256(digest1)
digest3= sha256(digest2, scramble)
digest4= xor(digest1, digest3)
3) Client sends digest4 as authentication string
On success server sends a packet with length=1 and content=3. In case the password was not cached, server requires same authentication mechanism as in sha256_password with a little difference, the padding algorithm is PKCS1 v1.5 padding instead of OAEP.
Attachments
Issue Links
- relates to
-
CONJ-327 Handle sha256_password plugin
- Closed
-
CONJS-76 Implement sha256_password support
- Closed
-
CONJS-77 Implement caching_sha256_password support
- Closed
-
MDEV-9804 Implement a sha256_password / caching_sha256_password plugin
- Open
-
MXS-1325 Add sha256_password authenticator
- Closed
-
ODBC-241 Add parameter that corresponds to MYSQL_SERVER_PUBLIC_KEY option from MariaDB Connector/C
- Closed
-
CONC-229 SHA256 authentication plugin
- Closed
-
CONC-312 Implement caching_sha2_password plugin
- Closed