Hi John,

MySQL authentication has come a long way since only having a single auth method.
You may want to check https://dev.mysql.com/worklog/task/?id=1054 and https://dev.mysql.com/doc/refman/5.7/en/pluggable-authentication.html for some background.

The idea is that we have pairs of authentication plugins (one on the server and one on the client) that do take over the network link at a certain stage and, communicating with each other if needed, try to process the credentials of the user and present the server with a yes/no answer if it should authenticate the session or not.

One of the methods you're trying to describe above is the mysql_native authentication plugin pair.
https://dev.mysql.com/doc/refman/5.7/en/native-pluggable-authentication.html

It used to be described into the internals manual, but it's got to be very outdated so we are (gradually) migrating it to doxygen. This is still work in progress and you can follow it on https://dev.mysql.com/doc/dev/mysql-server/latest/PAGE_PROTOCOL.html.

But for the time being you can access the old one too, e.g.: https://web.archive.org/web/20160304105938/https://dev.mysql.com/doc/internals/en/client-server-protocol.html

When it comes to native_auth the old one is pretty accurate.

I guess https://web.archive.org/web/20160316124125/https://dev.mysql.com/doc/internals/en/secure-password-authentication.html#packet-Authentication::Native41 answers your question on the formula used.

Just curious: what exactly are you trying to achieve ?
Why is it not an option for you to use a mysql connector library ?
Note that if you implement your own protocol handling code you'll also need to maintain it so that reflects all the changes to the protocol that we do.

Maybe there's something that we can add to the existing connectors that will make them usable for your purposes ?

Georgi "Joro" Kodinov
MySQL SrvGen team lead
Plovdiv, Bulgaria