From 2c6c3373c69e3eeddc65094155402702dc3cc61d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Mon, 5 Jul 2021 11:09:15 +0200 Subject: [PATCH] Update Security Compatibility with MySQL Related to https://github.com/pingcap/tidb/pull/24991 --- security-compatibility-with-mysql.md | 16 ++++++++++++++-- system-variables.md | 6 ++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/security-compatibility-with-mysql.md b/security-compatibility-with-mysql.md index fce6496e8e1ad..18bc8c5d50a7f 100644 --- a/security-compatibility-with-mysql.md +++ b/security-compatibility-with-mysql.md @@ -8,9 +8,21 @@ aliases: ['/docs/dev/security-compatibility-with-mysql/','/docs/dev/reference/se TiDB supports similar security functionality to MySQL 5.7, with the following exceptions: -- Only the `mysql_native_password` password-based and certificate-based authentication is supported -- External authentication (such as with LDAP) is not currently supported - Column level permissions are not supported - Password expiry, as well as password last-changed tracking and password lifetime are not supported [#9709](https://github.com/pingcap/tidb/issues/9709) - The permission attributes `max_questions`, `max_updated`, `max_connections`, `max_user_connections` are not supported - Password validation is not currently supported [#9741](https://github.com/pingcap/tidb/issues/9741) + +## Authentication plugin status + +| Authentication Method | Supported | +| :------------------------| :--------------- | +| `mysql_native_password` | Yes | +| `sha256_password` | No | +| `caching_sha2_password` | Yes, since 5.2.0 | +| `auth_socket` | No | +| TLS Certificates | Yes | +| LDAP | No | +| PAM | No | +| ed25519 (MariaDB) | No | +| GSSAPI (MariaDB) | No | diff --git a/system-variables.md b/system-variables.md index 640baba6cf4f2..a4e6a7fcd62fc 100644 --- a/system-variables.md +++ b/system-variables.md 
@@ -127,6 +127,12 @@ mysql> SELECT * FROM t1; - This variable indicates the location where data is stored. This location can be a local path or point to a PD server if the data is stored on TiKV. - A value in the format of `ip_address:port` indicates the PD server that TiDB connects to on startup. +### default_authentication_plugin + +- Scope: GLOBAL +- Default value: `mysql_native_password` +- This variable sets the authentication method the server advertises during connection establishment. + ### ddl_slow_threshold - Scope: INSTANCE
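Review bot: In the `security-compatibility-with-mysql.md` hunk, the new "Authentication plugin status" section starts straight at the table, with no sentence tying it to the "with the following exceptions" list, which lost its two authentication bullets. A one-line lead-in under the heading would keep the page readable, and it could link to the `default_authentication_plugin` entry added in `system-variables.md` by this same patch. The "Supported" column also mixes plain Yes/No with version information ("Yes, since 5.2.0"). Consider a separate column or a footnote for the version, so readers on older releases can see at a glance that `caching_sha2_password` is unavailable to them.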
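Review bot: In the `system-variables.md` hunk, the `default_authentication_plugin` entry gives Scope and Default value but no list of accepted values. The table added in `security-compatibility-with-mysql.md` marks only `mysql_native_password` and `caching_sha2_password` as supported plugins, so a "Possible values" bullet naming those two, plus the version the variable was introduced in, would make the entry self-contained. The description says the server "advertises" this method during connection establishment. It would help to state whether the setting also affects accounts created without an explicit plugin. Finally, the entry is placed before `ddl_slow_threshold`; if this file is kept in alphabetical order, `default_authentication_plugin` sorts after it.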