mirror of
http://git.haproxy.org/git/haproxy.git
synced 2026-02-03 19:43:32 +02:00
2527d9dcd1
This patch adds a new 'post-80' option that sets the CLIENT_PLUGIN_AUTH (0x00080000) capability flag and explicitly specifies mysql_native_password as the authentication plugin in the handshake response. This patch also addes documentation content for post-80 option support in MySQL 8.x version. Which handles new default auth plugin caching_sha2_password. MySQL 8.0 changed the default authentication plugin from mysql_native_password to caching_sha2_password. The current mysql-check implementation only supports pre-41 and post-41 client auth protocols, which lack the CLIENT_PLUGIN_AUTH capability flag. When HAProxy sends a post-41 authentication packet to a MySQL 8.x server, the server responds with error 1251: "Client does not support authentication protocol requested by server". The new client capabilities for post-80 are: - CLIENT_PROTOCOL_41 (0x00000200) - CLIENT_SECURE_CONNECTION (0x00008000) - CLIENT_PLUGIN_AUTH (0x00080000) Usage example: backend mysql_servers option mysql-check user haproxy post-80 server db1 192.168.1.10:3306 check The health check user must be created with mysql_native_password: CREATE USER 'haproxy'@'%' IDENTIFIED WITH mysql_native_password BY ''; This addresses https://github.com/haproxy/haproxy/issues/2934.
