MySQL Forums
Forum List  »  Security

Re: SHA1 handshake pass
Posted by: Georgi Kodinov
Date: September 19, 2017 03:08AM

Hi John,

MySQL authentication has come a long way since only having a single auth method.
You may want to check https://dev.mysql.com/worklog/task/?id=1054 and https://dev.mysql.com/doc/refman/5.7/en/pluggable-authentication.html for some background.

The idea is that we have pairs of authentication plugins (one on the server and one on the client) that do take over the network link at a certain stage and, communicating with each other if needed, try to process the credentials of the user and present the server with a yes/no answer if it should authenticate the session or not.

One of the methods you're trying to describe above is the mysql_native authentication plugin pair.
https://dev.mysql.com/doc/refman/5.7/en/native-pluggable-authentication.html

It used to be described into the internals manual, but it's got to be very outdated so we are (gradually) migrating it to doxygen. This is still work in progress and you can follow it on https://dev.mysql.com/doc/dev/mysql-server/latest/PAGE_PROTOCOL.html.

But for the time being you can access the old one too, e.g.: https://web.archive.org/web/20160304105938/https://dev.mysql.com/doc/internals/en/client-server-protocol.html

When it comes to native_auth the old one is pretty accurate.

I guess https://web.archive.org/web/20160316124125/https://dev.mysql.com/doc/internals/en/secure-password-authentication.html#packet-Authentication::Native41 answers your question on the formula used.

Just curious: what exactly are you trying to achieve ?
Why is it not an option for you to use a mysql connector library ?
Note that if you implement your own protocol handling code you'll also need to maintain it so that reflects all the changes to the protocol that we do.

Maybe there's something that we can add to the existing connectors that will make them usable for your purposes ?

Georgi "Joro" Kodinov
MySQL SrvGen team lead
Plovdiv, Bulgaria

Options: ReplyQuote


Subject
Views
Written By
Posted
988
September 18, 2017 02:58AM
Re: SHA1 handshake pass
470
September 19, 2017 03:08AM
438
September 21, 2017 05:15AM
440
September 25, 2017 02:16AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.