MySQL 8.3 Release Notes
MySQL includes a mysql_native_password plugin that implements native authentication; that is, authentication based on the password hashing method in use from before the introduction of pluggable authentication.
Note
The mysql_native_password authentication plugin is deprecated and subject to removal in a future version of MySQL.
The following table shows the plugin names on the server and client sides.
Table 8.16 Plugin and Library Names for Native Password Authentication
| Plugin or File | Plugin or File Name |
|---|---|
| Server-side plugin | mysql_native_password |
| Client-side plugin | mysql_native_password |
| Library file | None (plugins are built in) |
The following sections provide installation and usage information specific to native pluggable authentication:
For general information about pluggable authentication in MySQL, see Section 8.2.17, “Pluggable Authentication”.
The mysql_native_password plugin exists in server and client forms:
-
The server-side plugin is built into the server, need not be loaded explicitly, and cannot be disabled by unloading it.
-
The client-side plugin is built into the
libmysqlclientclient library and is available to any program linked againstlibmysqlclient.
MySQL client programs use mysql_native_password by default. The --default-auth option can be used as a hint about which client-side plugin the program can expect to use:
$> mysql --default-auth=mysql_native_password ...As a built-in plugin, the mysql_native_password server-side plugin installs and loads by default, although it is not the default password mechanism for performing authentication. The -- option permits disabling the plugin at server startup.plugin_name[=activation_state]
$> mysqld --mysql_native_password=OFF ...In the previous example, the activation_state value OFF is equivalent to off or 0. If a DBA disables the plugin at server startup, all of the operations that depend on the plugin are inaccessible. Specifically:
-
Defined user accounts that authenticate with
mysql_native_passwordencounter an error when they attempt to connect.$> MYSQL -u userx -p ERROR 1045 (28000): Access denied for user 'userx'@'localhost' (using password: NO)The server writes these errors to the server log.
-
Attempts to create a new user account or to alter an existing user account identified with
mysql_native_passwordalso fail and emit an error.mysql> CREATE USER userxx@localhost IDENTIFIED WITH 'mysql_native_password'; ERROR 1524 (HY000): Plugin 'mysql_native_password' is not loaded mysql> ALTER USER userxy@localhost IDENTIFIED WITH 'mysql_native_password; ERROR 1524 (HY000): Plugin 'mysql_native_password' is not loaded
To enable the plugin after disabling it, restart the server without specifying the -- option. Optionally, plugin_name[=activation_state]activation_state values ON, on, or 1 also enable the plugin if used at startup.