MySQL and MariaDB Authentication Plugins Reference

May 25, 2026 · View on GitHub

This document provides a comprehensive overview of authentication plugins across MySQL and MariaDB, including security levels, deprecation status, and platform support.

Summary Table

Plugin NameDescriptionAlgorithmSecurity LevelDeprecated / ObsoletePresent in MySQLPresent in MariaDB
mysql_native_passwordHistorical default authentication method.Double-SHA-1LowYes (Removed from MySQL 8.4+ / Deprecated in MariaDB)✅ (Obsolete)✅ (Historical default)
mysql_old_passwordAncient pre-4.1 authentication method.Legacy pre-4.1 hashVery LowYes (Removed)✅ (Obsolete)
sha256_passwordAuthenticates using SHA-256 with salting.SHA-256HighYes (Due to CPU scalability issues without TLS)❌ (Removed in 8.4)
caching_sha2_passwordOptimized version of SHA-256 with memory caching.SHA-256HighNo✅ (Default since 8.0)✅ (Since v11.4 for compatibility)
unix_socketAuthentication via OS-level user identity (UID).OS IdentityVery HighNo✅ (as auth_socket)
ed25519Elliptic Curve digital signature algorithm (EdDSA).Ed25519Very HighNo❌ (Except via third-party Enterprise modules)
parsecPassword Authentication using Response Signed with Elliptic Curve (new MariaDB standard).PBKDF2 + SHA-512 + Ed25519MaximalNo