[Warning] [Server] Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'

I’ve noticed that for each connection there is this warning in the Mysql error log:

[Warning] [MY-013360] [Server] Plugin mysql_native_password reported: ‘‘mysql_native_password’ is deprecated and will be removed in a future release. Please use caching_sha2_password instead’

On our highly visit site the error log grows realy rapidly

when checking the users it seems the Cleavr generated users are using mysql_native_password


this is since this morning when I flushed the error log

I checked one of my servers and found a 1.8 GB error log file for MySQL.
99.99% of the logs are warnings like:

Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'

In my case it might be happen because I connect on that server with external databases (or other server user connect with that server). Does this happen in your case @yuluma too?

EDIT
Like @yuluma already mentioned, all mysql database user are created with the “old” password hash plugin. But I’m courios why many of them don’t generate warnings and others not.
I have another with some warnings, but only a few hundred. Like I mentioned before, I think these warrnings exists because of non-localhost connections.

@finalwebsites all connections are from 1 shop connecting with localhost

there are solutions online:

ALTER USER 'username'@'host' IDENTIFIED WITH caching_sha2_password BY 'password';

but the question is: is this smart to do or should a fix come from within Cleavr?

Sure it’s possible to change that value (both plugins are installed), but I remember me that I forced the native password version (on two servers) for some other reasons.
Strange is that only one of my servers has all the log entries. I disabled the warnings inside the log files with:
log-error-verbosity = 1 inside the mysqld.conf file

I really like to know why the native password version is used for db users on new servers.

@amiedema, is there some context you can add to this issue?
Why is Cleavr using the “old” native password plugin?

Hello! We are currently exploring updated recommendations from MySQL and creating a plan for how we’ll handle new servers / MySQL installations and guidance on existing instances.

Stay tuned!

Thanks for the update!

Hello @yuluma and @finalwebsites,

We recently released an update that includes changes to the MySQL password plugin.

We are now using caching_sha2_password instead of mysql_native_password for all new database users created after this release.

Please try creating a new database and database user, and let us know if this resolves the warning.

We are also planning to publish a blog post soon that will explain how to update the plugin for existing database users.

2 Likes

Hi Anish, we haven’t deployed a new server yet, will look into this next time we will deploy a new one.

Please do update is as soon as you have the blog ready to fix this for existing servers :four_leaf_clover: