22.3.5.6. Connecting Using PAM Authentication

Java applications using Connector/J 5.1.21 and higher can can connect to MySQL servers that use the pluggable authentication module (PAM) authentication scheme.

For PAM authentication to work, you must have the following:

A MySQL server that supports PAM authentication: a commercial distribution of MySQL 5.5.16 or higher. See Section 6.3.7.3, "The PAM Authentication Plugin" for more information. Connector/J implements the same cleartext authentication method as in Section 6.3.7.5, "The Cleartext Client-Side Authentication Plugin".
SSL capability, as explained in Section 22.3.5.5, "Connecting Securely Using SSL". Because the PAM authentication scheme sends the original password to the server, the connection to the server must be encrypted.

PAM authentication support is enabled by default in Connector/J 5.1.21 and up, so no extra configuration is needed.

To disable the PAM authentication feature, specify mysql_clear_password (the method) or com.mysql.jdbc.authentication.MysqlClearPasswordPlugin (the class name) in the comma-separated list of arguments for the disabledAuthenticationPlugins connection option. See Section 22.3.5.1, "Driver/Datasource Class Names, URL Syntax and Configuration Properties for Connector/J" for details about that connection option.