The Clear-Text Client-Side Authentication Plugin
As of MariaDB 5.6.2, a client-side authentication plugin is available that sends the password to the server without hashing or encryption. This plugin is built into the MariaDB client library.
The following table shows the plugin name.
Table 5.14. MariaDB Clear Text Authentication Plugin
| Server-side plugin name | None, see discussion |
| Client-side plugin name | mysql_clear_password
|
| Library object file name | None (built in) |
With native MariaDB authentication, the client performs one-way hashing on the password before sending it to the server. This enables the client to avoid sending the password in clear text. See , "Password Hashing in MySQL". However, because the hash algorithm is one way, the original password cannot be recovered on the server side.
One-way hashing cannot be done for authentication schemes that require the server to receive the password as entered on the client side. In such cases, the mysql_clear_password client-side plugin can be used to send the password to the server in clear text. There is no corresponding server-side plugin. Rather, the client-side plugin can be used by any server-side plugin that needs a clear text password.
For general information about pluggable authentication in MySQL, see , "Pluggable Authentication".Note
Sending passwords in clear text may be a security problem in some configurations. To avoid problems if there is any possibility that the password would be intercepted, clients should connect to MariaDB Server using a method that protects the password. Possibilities include SSL (see , "Using SSL for Secure Connections"), IPsec, or a private network.