Upgrade your Libraries: Authentication Plugin ‘caching_sha2_password’ Cannot be Loaded

'caching_sha2_password' Cannot be Loaded

'caching_sha2_password' Cannot be LoadedFor my previous blog post on the topic, I received plenty of questions about why I did not cover the


  plugin. This plugin is the default since MySQL 8, and all user accounts which are created without the option


, will use this plugin. Locally everything works fine because the plugin is built-in to the MySQL server and client.

If you then connect with such a user account from a remote machine you may get an error similar to:

ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib64/mysql/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory

Unlike the situation, mentioned in the other blog post, the reason for this error is not always the


  option of the


  client. More often this means that you did not upgrade MySQL client libraries.



  was first introduced in MySQL 5.7. If you somehow still use MySQL 5.6 or an earlier version, you would not be able to connect to MySQL using this plugin.

Some operating systems have MariaDB packages in place of MySQL.

MariaDB server does not support the


  plugin. But MariaDB Connector/C does support this plugin since version 3.0.2. The plugin is not built-in and is provided as a separate library. All clients that use MariaDB Connector/C support authentication with the


  plugin. This includes




  command-line clients.

MariaDB libmysqlclient library does not support the


  plugin. Therefore, if you use a client linked to this library, you would not be able to authenticate with the



Applications that connect to MySQL using different APIs, such as Python, PHP, Go, Java, and ODBC need to use the latest version of the connectors and database drivers. Both MySQL and MariaDB connectors support the



This also applies to Percona Toolkit.


In order to use the


  authentication plugin:

  • For MySQL, Percona Server for MySQL, and Percona XtraDB Cluster
    • Use client version 5.7 or newer
    • No other actions are needed: support is built-in
  • For MariaDB
    • Use client, linked with MariaDB Connector/C 3.0.2 or newer
    • Specify option

        if your client cannot find the


        library in the default location


Authentication Plugin ‘***’ Cannot Be Loaded: How MySQL Searches Client-Side Plugins

MySQL Searches Client-Side Plugins

MySQL Searches Client-Side PluginsWhen MySQL client connects to the server it uses one of the authentication plugins. On the server-side, plugins are located in the directory, specified by the option plugin-dir that defaults to




  is the base directory of your MySQL installation. This perfectly works whenever you install MySQL using package manager, or from the Linux tarball.

However, authentication plugins should be also loaded on the client-side. If you installed MySQL into the custom location, you may end up with an error when trying to connect using any plugin requiring a separate client library.

For example, let’s set the Test authentication plugin to authenticate a user:

mysql?> INSTALL PLUGIN test_plugin_server SONAME 'auth_test_plugin.so';         
Query OK, 0 rows affected (0,01 sec)

mysql?> CREATE USER 'sveta'@'%' IDENTIFIED WITH test_plugin_server;
Query OK, 0 rows affected (0,01 sec)

Then, if you run the


  client without option


 , you will get an error:

$ mysql -usveta
ERROR 2059 (HY000): Authentication plugin 'auth_test_plugin' cannot be loaded: /usr/local/Percona-Server-8.0.25-15-Linux.x86_64.glibc2.17/lib/plugin/auth_test_plugin.so: cannot open shared object file: No such file or directory

To avoid this error, specify


 either in the configuration file or as a command-line parameter:

$ mysql -usveta --plugin-dir=/home/sveta/mysqlpackages/Percona-Server-8.0.25-15-Linux.x86_64.glibc2.17/lib/plugin
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 28
Server version: 8.0.25-15 Percona Server (GPL), Release 15, Revision a558ec2

Copyright (c) 2009-2021 Percona LLC and/or its affiliates
Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql?> \q

This issue is applicable to all plugins that require loading an external library at the client-side, including the PAM authentication plugin. In this case, you will get the error

ERROR 2059 (HY000): Authentication plugin 'dialog' cannot be loaded: /usr/local/Percona-Server-8.0.25-15-Linux.x86_64.glibc2.17/lib/plugin/dialog.so: cannot open shared object file: No such file or directory

Oracle-compatible auth_pam_compat plugin does not experience this issue, because, instead of


 it uses the built-in



See also:

PAM plugin does not enforce plugin_dir when installed from tarball

MySQL and MariaDB authentication against pam_unix

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com