Connection phase of mysql protocol, plugin authentication
Posted by: Dorothy Ordogh
Date: December 30, 2020 10:03AM

Hi all,

I'm updating Finagle's custom client to use pluggable authentication when before we were using the native password authentication. I've read through the packet types (https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase_packets.html) and how the caching_sha2_password plugin works (https://dev.mysql.com/doc/dev/mysql-server/latest/page_caching_sha2_authentication_exchanges.html). I've even taken a look at the java connector (https://github.com/mysql/mysql-connector-j/blob/release/8.0/src/main/protocol-impl/java/com/mysql/cj/protocol/a/authentication/CachingSha2PasswordPlugin.java#L81-L155) and I can't seem to get it right.

As it stands, we establish an SSL connection before the HandshakeResponse is sent to the server, so I'm looking at trying to send the plain text password to the server for authentication in the AuthSwitchResponse, but I'm getting an access denied. I've verified that the user exists and the host is correct. It works with the mysql_native_password plugin, but I must be sending the wrong thing in the packet when I respond to the AuthSwitchRequest.

Does anyone know of additional docs that I can look at that more clearly describe authentication during the connection phase (specifically what goes in the AuthSwitchResponse and what is returned in AuthMoreData) or can anyone point me to where I might be going wrong? I would GREATLY appreciate it, thank you!
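The client side of the caching_sha2_password exchange over TLS, following the MySQL protocol pages linked in the post: the AuthSwitchResponse carries the 32-byte scramble, and the NUL-terminated password is sent only after an AuthMoreData of 0x01 0x04. This is an added example, not part of the original post and not Finagle or Connector/J code; the function names and sample bytes are constructed for illustration.

```python
import hashlib

NONCE_LEN = 20                      # caching_sha2_password nonce size
FAST_AUTH_SUCCESS, PERFORM_FULL_AUTH = 0x03, 0x04

def parse_auth_switch_request(payload: bytes):
    """Split AuthSwitchRequest: 0xFE, NUL-terminated plugin name, plugin data."""
    if payload[:1] != b"\xfe":
        raise ValueError("not an AuthSwitchRequest")
    name, _, data = payload[1:].partition(b"\x00")
    return name.decode("ascii"), data[:NONCE_LEN]   # drop any trailing NUL

def scramble(password: bytes, nonce: bytes) -> bytes:
    """XOR(SHA256(pw), SHA256(SHA256(SHA256(pw)) || nonce)); empty pw -> empty."""
    if not password:
        return b""
    d1 = hashlib.sha256(password).digest()
    d2 = hashlib.sha256(hashlib.sha256(d1).digest() + nonce).digest()
    return bytes(a ^ b for a, b in zip(d1, d2))

def after_auth_more_data(payload: bytes, password: bytes, tls: bool):
    """Return the next payload to send, or None when only OK/ERR is awaited."""
    if payload[:1] != b"\x01" or len(payload) < 2:
        raise ValueError("not an AuthMoreData packet")
    if payload[1] == FAST_AUTH_SUCCESS:
        return None                       # cache hit: server sends OK next
    if payload[1] == PERFORM_FULL_AUTH:
        if not tls:                       # non-TLS clients use the RSA path
            raise RuntimeError("refusing cleartext password without TLS")
        return password + b"\x00"         # NUL-terminated, TLS only
    raise ValueError("unexpected AuthMoreData status")

def frame(payload: bytes, seq: int) -> bytes:
    """MySQL packet header: 3-byte little-endian length + sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq & 0xFF]) + payload

# Constructed sample values, not captured traffic.
NONCE = bytes(range(1, 21))
SWITCH = b"\xfe" + b"caching_sha2_password\x00" + NONCE + b"\x00"
```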
