Apr 06, 2022

Upgrade your Libraries: Authentication Plugin ‘caching_sha2_password’ Cannot be Loaded

For my previous blog post on the topic, I received plenty of questions about why I did not cover the caching_sha2_password plugin. This plugin is the default since MySQL 8, and all user accounts which are created without the option IDENTIFIED WITH will use this plugin. Locally everything works fine because the plugin is built into the MySQL server and client.

If you then connect with such a user account from a remote machine you may get an error similar to:

ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib64/mysql/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory

Unlike the situation mentioned in the other blog post, the reason for this error is not always the --plugin-dir option of the mysql client. More often this means that you did not upgrade the MySQL client libraries.

Plugin caching_sha2_password was first introduced in MySQL 5.7. If you somehow still use MySQL 5.6 or an earlier version, you would not be able to connect to MySQL using this plugin.

Some operating systems have MariaDB packages in place of MySQL.

MariaDB server does not support the caching_sha2_password plugin. But MariaDB Connector/C does support this plugin since version 3.0.2. The plugin is not built-in and is provided as a separate library. All clients that use MariaDB Connector/C support authentication with the caching_sha2_password plugin. This includes the mysql and mariadb command-line clients.

The MariaDB libmysqlclient library does not support the caching_sha2_password plugin. Therefore, if you use a client linked to this library, you would not be able to authenticate with the caching_sha2_password plugin.

Applications that connect to MySQL using different APIs, such as Python, PHP, Go, Java, and ODBC, need to use the latest version of the connectors and database drivers. Both MySQL and MariaDB connectors support the caching_sha2_password plugin.

This also applies to Percona Toolkit.

Conclusion

In order to use the caching_sha2_password authentication plugin:

  • For MySQL, Percona Server for MySQL, and Percona XtraDB Cluster
    • Use client version 5.7 or newer
    • No other actions are needed: support is built-in
  • For MariaDB
    • Use a client linked with MariaDB Connector/C 3.0.2 or newer
    • Specify the --plugin-dir option if your client cannot find the caching_sha2_password.so library in the default location

Mar 22, 2022

Authentication Plugin ‘***’ Cannot Be Loaded: How MySQL Searches Client-Side Plugins

When a MySQL client connects to the server, it uses one of the authentication plugins. On the server side, plugins are located in the directory specified by the option plugin-dir, which defaults to BASEDIR/lib/plugin, where BASEDIR is the base directory of your MySQL installation. This works perfectly whenever you install MySQL using a package manager or from the Linux tarball.

However, authentication plugins should also be loaded on the client side. If you installed MySQL into a custom location, you may end up with an error when trying to connect using any plugin requiring a separate client library.

For example, let’s set the Test authentication plugin to authenticate a user:

mysql?> INSTALL PLUGIN test_plugin_server SONAME 'auth_test_plugin.so';         
Query OK, 0 rows affected (0,01 sec)

mysql?> CREATE USER 'sveta'@'%' IDENTIFIED WITH test_plugin_server;
Query OK, 0 rows affected (0,01 sec)

Then, if you run the mysql client without the --plugin-dir option, you will get an error:

$ mysql -usveta
ERROR 2059 (HY000): Authentication plugin 'auth_test_plugin' cannot be loaded: /usr/local/Percona-Server-8.0.25-15-Linux.x86_64.glibc2.17/lib/plugin/auth_test_plugin.so: cannot open shared object file: No such file or directory

To avoid this error, specify --plugin-dir either in the configuration file or as a command-line parameter:

$ mysql -usveta --plugin-dir=/home/sveta/mysqlpackages/Percona-Server-8.0.25-15-Linux.x86_64.glibc2.17/lib/plugin
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 28
Server version: 8.0.25-15 Percona Server (GPL), Release 15, Revision a558ec2

Copyright (c) 2009-2021 Percona LLC and/or its affiliates
Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql?> \q
Bye

This issue applies to all plugins that require loading an external library on the client side, including the PAM authentication plugin. In this case, you will get the error:

ERROR 2059 (HY000): Authentication plugin 'dialog' cannot be loaded: /usr/local/Percona-Server-8.0.25-15-Linux.x86_64.glibc2.17/lib/plugin/dialog.so: cannot open shared object file: No such file or directory

The Oracle-compatible auth_pam_compat plugin does not experience this issue because, instead of dialog.so, it uses the built-in mysql_clear_password plugin.
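A triage helper for the ERROR 2059 messages shown in both posts, added here as an example and not code from the blog, MySQL or Percona: it extracts the plugin name and the path the client tried to open, then checks candidate directories to tell a wrong --plugin-dir apart from a client install that ships no such library. The function names, verdict strings and the temporary demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post): triage a client-side ERROR 2059 message.

# Print the plugin name quoted in the error line (empty if it is not ERROR 2059).
err2059_plugin() {
    printf '%s\n' "$1" | sed -n \
        "s/^ERROR 2059 (HY000): Authentication plugin '\([^']*\)' cannot be loaded: .*/\1/p"
}

# Print the shared-object path the client tried to open.
err2059_path() {
    printf '%s\n' "$1" | sed -n \
        "s/^ERROR 2059 (HY000): Authentication plugin '[^']*' cannot be loaded: \(.*\): cannot open shared object file: .*/\1/p"
}

# triage_2059 ERROR_LINE [CANDIDATE_DIR...]   (verdict names are hypothetical)
#   not-2059             input is not the error discussed here
#   file-present PATH    library exists where the client looked; re-run the client
#   use-plugin-dir DIR   library found in DIR: pass --plugin-dir=DIR
#   upgrade-client LIB   LIB is in no candidate dir: upgrade client libraries
triage_2059() {
    t_line=$1; shift
    t_path=$(err2059_path "$t_line")
    [ -n "$t_path" ] || { echo "not-2059"; return 1; }
    t_lib=${t_path##*/}                      # e.g. caching_sha2_password.so
    if [ -f "$t_path" ]; then
        echo "file-present $t_path"; return 0
    fi
    for t_dir in "$@"; do
        if [ -f "$t_dir/$t_lib" ]; then
            echo "use-plugin-dir $t_dir"; return 0
        fi
    done
    echo "upgrade-client $t_lib"
}

# Demo: the error line is the one quoted in the post; the directory is a
# constructed stand-in for a tarball install's lib/plugin directory.
demo_2059() {
    d_dir=$(mktemp -d)
    : > "$d_dir/auth_test_plugin.so"
    d_err="ERROR 2059 (HY000): Authentication plugin 'auth_test_plugin' cannot be loaded: /usr/local/Percona-Server-8.0.25-15-Linux.x86_64.glibc2.17/lib/plugin/auth_test_plugin.so: cannot open shared object file: No such file or directory"
    echo "plugin:  $(err2059_plugin "$d_err")"
    echo "verdict: $(triage_2059 "$d_err" "$d_dir")"
    rm -rf "$d_dir"
}
demo_2059
```

An `upgrade-client` verdict for caching_sha2_password.so corresponds to the case from the first post, where the installed client library has no support for the plugin and no --plugin-dir value can help.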

See also:

PAM plugin does not enforce plugin_dir when installed from tarball

MySQL and MariaDB authentication against pam_unix
