Re: ERROR 1045 (28000): Access denied for user 'MyUser'@'localhost' (using password: YES)
Posted by: Filipe Silva
Date: January 14, 2021 05:10AM

Hi Alex,

This is exactly the same case as the topic I mentioned in my previous reply.

The authentication plugin 'caching_sha2_password' operates internally in two modes: full-authentication mode and fast-authentication mode. In full-authentication mode passwords are sent over a secure channel (SSL or RSA-encrypted) and credentials get cached after a successful authentication; while in fast-mode no passwords are sent and no secure channel is needed, but this only works this user's credentials have been cached previously.

In your case, your application works fine if you start a mysql client for the same server and username before starting your Java application. The mysql client uses secure chanels by default, which allows enables the full-authentication mode and ends up caching the user credentials, this allows your application to operate in fast-authentication mode when new connections are created, and until the internal cache is cleared, which happens after a timeout, between server restarts or if you execute "FLUSH PRIVILEGES".

So, your options are:
1. Enable SSL in your application - just remove the "useSSL=false" option from your application's connection string (or set its value to "true"). (Note that this option is deprecated in Connector/J 8.0).
2. Configure the server with an extra pair of RSA keys and include the option "allowPublicKeyRetrieval=true" in your application's connection string. (See documentation for details)
3. Use a different authentication plugin for this user.

Option 1 is the recommended one.

I'd also recommend you useing MySQL 8.0 and Connector/J 8.0, if you aren't yet.

Reference documentation:
- https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html
- https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-rsa-files.html
- https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-connp-props-security.html
- https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-upgrading-to-8.0.html

Options: ReplyQuote




Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.