Add caching_sha2_password authentication support#72
Merged
jappeace merged 1 commit intowinterland1989:masterfrom Mar 7, 2026
Merged
Conversation
jappeace-sloth
force-pushed
the
caching-sha2-password-support
branch
from
8c475a3 to
06cf8e6
Compare
jappeace-sloth
changed the title
jappeace-sloth
force-pushed
the
caching-sha2-password-support
branch
from
06cf8e6 to
a36bdf2
Compare
…9#65) MySQL 8.0+ defaults to caching_sha2_password instead of mysql_native_password. This adds support for: - SHA256 scramble for caching_sha2_password fast auth path - AuthMoreData (0x01) handling for fast auth success / full auth request - AuthSwitchRequest (0xFE) handling when server switches auth plugin - TLS full auth (cleartext password over encrypted connection) - CLIENT_PLUGIN_AUTH capability flag and plugin name in Auth packet Plain TCP connections throw an informative AuthException when full auth is required (RSA not yet implemented). Use TLS or ensure the password verifier is cached (fast auth path). Tested against both MariaDB 11.x and MySQL 8.0 in NixOS VM integration tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jappeace-sloth
force-pushed
the
caching-sha2-password-support
branch
from
a36bdf2 to
d089c8c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
MySQL 8.0+ defaults to
caching_sha2_passwordinstead ofmysql_native_password. This PR adds support for connecting to MySQL 8.0+ servers using the default authentication plugin.Changes:
caching_sha2_passwordfast auth pathmysql_native_passwordon a server defaulting tocaching_sha2_password)AuthExceptionwhen full auth is required (RSA not yet implemented)ALTER USERsyntax (works on both MariaDB and MySQL 8.0;SET PASSWORD = PASSWORD(...)was removed in MySQL 8.0)SELECT 1compat — accepts bothMySQLInt32andMySQLInt64(MySQL 8.0 returns 64-bit for integer literals)Test plan
The same
integrationbinary runs on both MariaDB and MySQL 8.0. Thecaching_sha2_passwordtests are conditionally included when the server version starts with8.or9..nix-build nix/ci.nix -A build— compiles cleanlynix-build nix/ci.nix -A integrated-checks— MariaDB: all 4 tests passednix-build nix/ci.nix -A integrated-checks-mysql80— MySQL 8.0: all 6 tests passedCloses #65
🤖 Generated with Claude Code