MySQL 8.0 Reference Manual Including MySQL NDB Cluster 8.0

20.5.4 Using X Plugin with the Caching SHA-2 Authentication Plugin

X Plugin supports MySQL accounts created with the Section 6.4.1.3, “Caching SHA-2 Pluggable Authentication” plugin. You can use X Plugin to authenticate against such accounts using non-SSL connections with SHA256_MEMORY authentication and SSL connections with PLAIN authentication.

Although the caching SHA-2 authentication plugin holds an authentication cache, to use such accounts with X Plugin the X Plugin authentication cache plugin named mysqlx_cache_cleaner is used. Like X Plugin, it is enabled by default.

Before you can use non-SSL connections to authenticate an account which uses the caching_sha2_password plugin, the account must have authenticated at least once over an SSL connection to store the password in the X Plugin authentication cache. This means that the first use of an account must be done using an SSL connection with the X Plugin authentication cache enabled. Once this initial authentication over SSL has succeeded non-SSL connections can be used.