Bug #73833 Unknown system variable 'default_authentication_plugin'
Submitted: 8 Sep 2014 9:58 Modified: 29 Jan 2015 13:41
Reporter: Shahriyar Rzayev Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Documentation Severity:S1 (Critical)
Version:5.6.20, 5.6.21 OS:Linux (CentOS 6.5)
Assigned to: Jon Stephens CPU Architecture:Any

[8 Sep 2014 9:58] Shahriyar Rzayev
Description:
Maybe the BUG category must be different but anyway i decide to share situation:
I try SHA-256 Authentication Plugin and As Documentation states:

http://dev.mysql.com/doc/refman/5.6/en/sha256-authentication-plugin.html

"Alternatively, start the server with the default authentication plugin set to sha256_password. For example, put these lines in the server option file:

[mysqld]
default-authentication-plugin=sha256_password"

But there is no such variable in another page of documentation:

http://dev.mysql.com/doc/refman/5.6/en/server-system-variables.html

And you can prove it by querying this variable:

mysql> select @@default_authentication_plugin;
ERROR 1193 (HY000): Unknown system variable 'default_authentication_plugin'

If there is no such variable why it does not raise an error while starting MySQL something like? :

[ERROR] /usr/sbin/mysqld: unknown variable

Maybe this is a documentation problem. But in fact when querying variable it says that there is no such variable. 
In another way it starts well with "unavailable" variable from my.cnf.

So this variable exists or not? :)

How to repeat:
Add this 2 lines to my.cnf file under [mysqld] catalog:

old_passwords = 2
default_authentication_plugin=sha256_password

Restart the server. You will see that it starts without any problem.
Then query for default_authentication_plugin to see error.

And there is no entry about this variable in the list of all variables.

Suggested fix:
Maybe preventing starting MySQL if this variable not exists.
If exists everebody must be able to query for this variable.
[8 Sep 2014 11:47] MySQL Verification Team
Hello Shahriyar,

Thank you for the report.
This seems to be doc issue, per http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_default_authent... this variable is introduced in 5.7.2.. also, interestingly 5.6 won't complain when this variable is passed through command line or in optional file.

Thanks,
Umesh
[15 Sep 2014 10:35] MySQL Verification Team
imho - this seems to be doc bug i.e 5.6 doc should be clearer on this:

In 5.6, --default-authentication-plugin=plugin_name could be set only through Command-Line Format i.e as --default-authentication-plugin=plugin_name and through Option-File Format as default-authentication-plugin=plugin_name

So, earlier in MySQL <=5.7.2, use the --default-authentication-plugin command-line option, which is used the same way at server startup, but cannot be accessed at runtime.

mysql> select @@default_authentication_plugin;
ERROR 1193 (HY000): Unknown system variable 'default_authentication_plugin'
mysql>

So, in MySQL >=5.7.2, default-authentication-plugin was removed in MySQL 5.7.2 and replaced by the default_authentication_plugin system variable. The variable is used the same way as the option at server startup, but also enables the default plugin value to be inspected as runtime

mysql> show variables like '%version%';
+-------------------------+---------------------------------------------------------+
| Variable_name           | Value                                                   |
+-------------------------+---------------------------------------------------------+
| innodb_version          | 5.7.6                                                   |
| protocol_version        | 10                                                      |
| slave_type_conversions  |                                                         |
| version                 | 5.7.6-m16-enterprise-commercial-advanced                |
| version_comment         | MySQL Enterprise Server - Advanced Edition (Commercial) |
| version_compile_machine | x86_64                                                  |
| version_compile_os      | Linux                                                   |
+-------------------------+---------------------------------------------------------+
7 rows in set (0.00 sec)

mysql> select @@default_authentication_plugin;
+---------------------------------+
| @@default_authentication_plugin |
+---------------------------------+
| sha256_password                 |
+---------------------------------+
1 row in set (0.00 sec)

## See relevant section for more info  

http://dev.mysql.com/doc/refman/5.6/en/server-options.html#option_mysqld_default-authentic...

http://dev.mysql.com/doc/refman/5.6/en/server-options.html#option_mysqld_default-authentic...

http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_default_authent...

http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_default-authentic...
[10 Oct 2014 12:14] Daniƫl van Eeden
This might be a duplicate of Bug #68858
[29 Jan 2015 13:41] Jon Stephens
I think this is actually already pretty clear from the existing documentation but I've added a very explicit note about this to the the description of this option in the 5.6 Manual.

Closed.
[29 Jan 2015 13:41] Jon Stephens
Thank you for your bug report. This issue has been addressed in the documentation. The updated documentation will appear on our website shortly.