Hello Lukas,

Yes, the plugin was introduced in 5.6.6 as seen on [1]. I have uploaded the .cap file (tcpdump -A -r capture.cap) to http://nimzo[dot]info/files/capture{dot}cap

I don't think it is worth the effort as sha256 is used for password auth and HAproxy doesn't do that. Further, using plugin auth will require a lot of changes to the code and could break compatibility with old MySQL auth services. Here are a few links to read:

http://dev.mysql.com/doc/internals/en/connection-phase.html#packet-Protocol::AuthSwitchRequest
http://dev.mysql.com/doc/internals/en/connection-phase.html#flag-CLIENT_PLUGIN_AUTH
http://dev.mysql.com/doc/internals/en/connection-phase.html#packet-Protocol::HandshakeResponse41

It is doable and would likely work flawlessly if we were to wait for the AuthSwitchRequest packet and process it correctly in order not to break backwards compatibility, but it all sounds too much for me in order to do this. Another option is to add a plugin option to the configuration, like

    option mysql-check user monitor sha256

[1] http://dev.mysql.com/doc/refman/5.6/en/sha256-authentication-plugin.html

IMHO, this is a plugin auth module and going down the route to support it is just not worth it. Tomorrow another one might pop up expecting something different. We should just draw the line saying we support pre-4.1 and post-4.1 authentication, without plugins. Especially since password hashing done by sha256_password module is useless to HAproxy.

On 06/18/2013 04:32 PM, Lukas Tribus wrote:
> Hi!
>
>
>> I moved to the latest version of HAProxy and now it is working.
>
> Jayadevan, can you tell us what version you are running (which works)
> and what release you were using before? Just double checking that
> commit 212f778d6 fixed that problem ...
>
>
>
>> I did. But that did not help. So I used latest version of HAProxy.
>> That worked.
>
> I guess you had to do both things to make it work; or did you revert
> the plugin change?
>
> Can you post:
> select user,HOST,plugin from mysql.user;
>
>
>
>> It is due to the plugin and it should be documented IMHO (or even fixed,
>> although not much benefit from it):
>
> Agreed, but it looks like Jayadevan had a different issue (or both).
> Do you know for certain that the exact release MySQL broke backwards
> compatibility was 5.6.6? Could you make a full tcpdump of the new 5.6.x
> client authentication packet and post upload the .cap somewhere?
>
> It shouldn't be that difficult to adjust the mysql-check.
>
>
>
> Lukas

Regards,
-- 
Nenad Merdanovic | PGP: 0x423edcb2 | Web: http://nimzo.info
Linkedin: http://www.linkedin.com/in/nenadmerdanovic
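
For readers following the protocol links above, here is an added example (not part of the thread and not HAProxy code) that parses the two server packets under discussion: the initial HandshakeV10, where CLIENT_PLUGIN_AUTH announces an auth plugin name, and the 0xfe AuthSwitchRequest that a health check would have to wait for. The field layout follows the linked connection-phase documentation; the function names and both sample packets are constructed for illustration.

```python
import struct

CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000

def split_packet(buf):
    """Strip the 4-byte header (3-byte LE length, sequence id) from one packet."""
    length = int.from_bytes(buf[:3], "little")
    if len(buf) < 4 or len(buf) < 4 + length:
        raise ValueError("truncated packet")
    return buf[3], buf[4:4 + length]

def cstring(data, pos):
    """Read a NUL-terminated string; end of payload also terminates it."""
    end = data.find(b"\x00", pos)
    end = len(data) if end < 0 else end
    return data[pos:end].decode("ascii", "replace"), end + 1

def parse_handshake_v10(payload):
    """Return server version, capability flags and advertised auth plugin."""
    if not payload or payload[0] != 10:
        raise ValueError("not a HandshakeV10 payload")
    version, pos = cstring(payload, 1)
    pos += 4 + 8 + 1  # connection id, auth-plugin-data-part-1, filler
    cap_low, _cs, _status, cap_high, data_len = struct.unpack_from("<HBHHB", payload, pos)
    pos += 8 + 10  # the five fields above, then 10 reserved bytes
    caps = cap_low | (cap_high << 16)
    if caps & CLIENT_SECURE_CONNECTION:
        pos += max(13, data_len - 8)  # auth-plugin-data-part-2
    plugin = cstring(payload, pos)[0] if caps & CLIENT_PLUGIN_AUTH else None
    return {"version": version, "caps": caps, "plugin": plugin}

def parse_auth_switch(payload):
    """Return the plugin a 0xfe AuthSwitchRequest asks for, else None."""
    if not payload or payload[0] != 0xFE:
        return None
    if len(payload) == 1:  # OldAuthSwitchRequest: bare 0xfe
        return "mysql_old_password"
    return cstring(payload, 1)[0]

def _frame(seq, body):
    return len(body).to_bytes(3, "little") + bytes([seq]) + body

# Constructed sample packets (not taken from the capture mentioned in the thread).
SAMPLE_HANDSHAKE = _frame(0, b"\x0a" + b"5.6.12\x00" + struct.pack("<I", 7) + b"A" * 8
    + b"\x00" + struct.pack("<HBHHB", 0x8200, 8, 2, 0x0008, 21) + b"\x00" * 10
    + b"B" * 12 + b"\x00" + b"mysql_native_password\x00")
SAMPLE_SWITCH = _frame(2, b"\xfe" + b"sha256_password\x00" + b"C" * 20 + b"\x00")
```

In the constructed exchange the handshake advertises mysql_native_password and the later sequence-2 packet asks the client to switch to sha256_password, which is the step a fixed two-packet check never sees.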

