Sign InTry Free

Security Compatibility with MySQL

TiDB supports similar security functionality to MySQL 5.7, with the following exceptions:

  • Column level permissions are not supported
  • Password expiry, as well as password last-changed tracking and password lifetime are not supported #9709
  • The permission attributes max_questions, max_updated, max_connections, max_user_connections are not supported
  • Password validation is not currently supported #9741

Authentication plugin status

TiDB supports multiple authentication methods. These methods can be specified on a per user basis using CREATE USER and ALTER USER. These methods are compatible with the authentication methods of MySQL with the same names.

You can use one of the following supported authentication methods in the table. To specify a default method that the server advertises when the client-server connection is being established, set the default_authentication_plugin variable.

The support for TLS authentication is configured differently. For detailed information, see Enable TLS between TiDB Clients and Servers.

The support for TLS authentication is configured differently. For detailed information, see Enable TLS between TiDB Clients and Servers.

Authentication MethodSupported
mysql_native_passwordYes
sha256_passwordNo
caching_sha2_passwordYes, since 5.2.0
auth_socketYes, since 5.3.0
[TLS Certificates]Yes
LDAPNo
PAMNo
ed25519 (MariaDB)No
GSSAPI (MariaDB)No
FIDONo
Download PDFRequest docs changes
Was this page helpful?
Open Source Ecosystem
TiDB
TiKV
TiSpark
Chaos Mesh
© 2022 PingCAP. All Rights Reserved.