I am trying to connect my Python script to a fresh installation of MySQL 8.0, but I keep getting a "NotSupportedError" regarding the 'caching_sha2_password' authentication plugin. I am using the mysql-connector library, and it seems like my script doesn't recognize the default encryption method used by the newer MySQL server. Should I change the user's password type on the server, or is there a specific way to upgrade my Python driver to support this modern authentication method?
3 answers
The error occurs because MySQL 8.0 changed the default authentication plugin to caching_sha2_password, while older versions of the mysql-connector library (or the unofficial mysql-connector-python) only support the legacy mysql_native_password. The best long-term solution in professional software development is to upgrade your library to the latest version using pip install --upgrade mysql-connector-python. If you are unable to upgrade your Python environment, you can alter the MySQL user to use the older method by running the SQL command: ALTER USER 'username'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';. However, upgrading the driver is preferred as SHA2 offers significantly better security for enterprise data.
If you decide to stick with the caching_sha2_password plugin for better security, do you also need to install the cryptography package in your Python environment for the handshake to work correctly?
I had this same issue after moving to a Dockerized MySQL 8 instance. Changing the user plugin to mysql_native_password fixed it instantly, but I eventually just switched to PyMySQL which handles the new plugin much more smoothly.
I agree with Sarah; PyMySQL or mysqlclient are often more robust alternatives if the official connector keeps giving you trouble. Sometimes a simple library switch saves hours of configuration!
Derek is spot on. For many Python MySQL drivers, the caching_sha2_password method requires the cryptography library to handle the RSA key exchange. Even if your driver is up to date, the connection might fail without it. I always recommend running pip install cryptography alongside your database drivers. In modern Data Science pipelines, ensuring your environment supports these encrypted handshakes is a standard security requirement, as it protects your database credentials from being intercepted during the initial connection phase.