Please update Readme with SHA2 password authentication example.
suchislife801 opened this issue · 6 comments
Where is the working example for this feature? I still have no idea how to implement it.
It should work without additional configuration on the client.
But there may be some problem for some MySQL server configuration as we didn't implement the Authentication Method Mismatch protocol.
It does not work with Digital Ocean MySQL 8.0 Authetication. It does not either when Digital Ocean by passes it down to MySQL 5.x
My Config example below. Are these settings correct as far as you know? Digital Ocean Managed Database.
caching_sha2_password_auto_generate_rsa_keys ON
caching_sha2_password_private_key_path private_key.pem
caching_sha2_password_public_key_path public_key.pem
default_authentication_plugin caching_sha2_password
sha256_password_auto_generate_rsa_keys ON
sha256_password_private_key_path private_key.pem
sha256_password_proxy_users OFF
sha256_password_public_key_path public_key.pem
Caching_sha2_password_rsa_public_key -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1cnMPdb/ve74aUw0oku
JSUcAlmcPGSWknBR3fP5OX1wfLey/ES/mcPyAZ6TQ4X0liAiCP6hmVr9oncungK7
cbG7JrwZjhOp5OUJ0yzDYEbEIRv6LRgD5wkj0U8SKc8ndFLrFTptbKgF7ZgySW6i
IGZof6HCSRi7nbSOICi+cafTI7dN9Y+PYvIEHhEHeu2RY+mAK+WpiXUYR6+3e7Ur
t0Kmq9+XkRH8ACcuvEoGQFCdz2FC8yB7ST6QKN6magClwd8218D6B8d99L6OoKAE
lomYxLDTnARWnKFKNhnCqcUS9cAyKHPQxC5jvVBZ5+Go0hXXdJVlmIe0KeKVZjW+
NwIDAQAB
-----END PUBLIC KEY-----
Is there still no solution to to this? Nothing at all? The most IMPORTANT part of the project which is to connect, does not actually work.
@lideming Is there any reference for Authentication Method Mismatch protocol? The link is invalid now. I'd like to do some research and willing to contribute if it is in my ablity
@shiyuhang0 It's the "Authentication Method Mismatch" part in Connection Phase (https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase.html). We have implemented only the "Authentication Phase Fast Path" currently and can not switch authentication method in case of the mismatch. Thanks for your research and PRs are welcome.