Sidebar

How can I resolve: Authentication plugin 'caching_sha2_password' cannot be loaded: ...: image not found?

0 votes
10.1K views
asked May 18, 2020 by rich-c-2789 (16,180 points)
I am trying to install QIE using a MySql 8 database.  The server fails to start with this error: in the logs:

Authentication plugin 'caching_sha2_password' cannot be loaded: dlopen(/usr/local/mysql/lib/plugin/caching_sha2_password.so, 2): image not found?

1 Answer

0 votes

When you see this it is likely the server or a user on the server is configured to use the new dafult caching_sha2_password method, but the client that attempted the connection either does not support it or was not configured properly to support the caching_sha2_password method.

To fix this some configuration may be needed on the server and or client to use the same authentication method.

Below are suggestion to use the legacy mysql_native_password method.  To use the new default caching_sha2_password please see the MySql documentation for details.

1. Reconfigure the server by adding this to your MySql configuration file:

        default_authentication_plugin=mysql_native_password

or

2. Create or alter the user used to connect to the QIE database using a query like:

        CREATE USER '[qie user]'@'localhost' IDENTIFIED WITH mysql_native_password BY '[qie password]';

        or

        ALTER USER '[qie user]'@'localhost' IDENTIFIED WITH mysql_native_password BY '[qie password]';

Additional details:

    MySql 8 changed the default authentication method from mysql_native_password to caching_sha2_password.

    As stated here: https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/news-8-0-9.html

    "Connector/J now supports the new caching_sha2_password authentication plugin, which is the default authentication plugin for MySQL 8.0.4 and later (see Caching SHA-2 Pluggable Authentication for details).

    Note:

    To authenticate accounts with the caching_sha2_password plugin, either a secure connection to the server using SSL or an unencrypted connection that supports password exchange using an RSA key pair (enabled by setting one or both of the connecting properties allowPublicKeyRetrieval and serverRSAPublicKeyFile) must be used.

Because earlier versions of Connector/J 8.0 do not support the caching_sha2_password authentication plugin and therefore will not be able to connect to accounts that authenticate with the new plugin (which might include the root account created by default during a new installation of a MySQL 8.0 Server), it is highly recommended that you upgrade now to Connector/J 8.0.9, to help ensure that your applications continue to work smoothly with the latest MySQL 8.0 Server."

The installation wizard includes a step to choose between the new default "Use Strong Password Encryption (RECOMMENDED)" and "Use Legacy Authentication Method (Retain MySql 5.x Compatibility)".

Client support was added to:

        MySql Connector/j version 5.7.23

        MariaDB Connector/j version 2.5

QIE shipped with:

    QIE version .48

        MySql Connector/j version 5.1.30

        MariaDB Connector/j version 2.2.5

    QIE version .49

        MySql Connector/j version 8.0.20

        MariaDB Connector/j version 2.6.0

Note: Other versions of the above drivers may have been loaded via the external libraries.

Resources:

        https://dev.mysql.com/doc/refman/8.0/en/upgrading-from-previous-series.html

        https://dev.mysql.com/doc/relnotes/connector-j/8.0/en/news-8-0-9.html

        https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html

        https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-using-ssl.html

        https://dev.mysql.com/doc/refman/8.0/en/native-pluggable-authentication.html

        https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html

        https://dev.mysql.com/doc/refman/8.0/en/pluggable-authentication.html

        https://dev.mysql.com/doc/refman/8.0/en/mysql-installer-workflow.html

        https://dev.mysql.com/doc/refman/8.0/en/osx-installation-pkg.html

        https://mariadb.com/kb/en/about-mariadb-connector-j/

        https://mariadb.com/resources/blog/whats-new-in-mariadb-connector-j-2-5/

answered May 18, 2020 by rich-c-2789 (16,180 points)
edited Jul 13, 2023 by rich-c-2789
commented Jul 13, 2023 by rich-c-2789 (16,180 points)
A related error you might see is "Public Key Retrieval is not allowed".  The above solutions should can be used to fix this error or by adding:
 
    allowPublicKeyRetrieval=True

to the JDBC connection URL.  Note that others also suggest adding "useSSL=false" but this is an older setting which the newer setting that would be equivalent is "sslMode=DISABLED".

A forth option is to properly configure the user/server/connection etc. to use TLS as other options are less secure.
...