Use mysql.user.authentication_string for password

Don't distinguish between a "password hash" and "authentication string" anymore. Now both are stored in mysql.user.authentication_string, both are handled identically internally. A "password hash" is just how some particular plugins interpret authentication string. Set mysql.user.plugin even if there is no password. The server will use mysql_native_password plugin in these cases, let's make it expicit. Remove LEX_USER::pwhash.
2025-07-29 05:21:33 +03:00 · 2018-10-14 13:52:52 +02:00
parent 0e388d43a7
commit 76151f3cbc
33 changed files with 368 additions and 386 deletions
--- a/mysql-test/main/alter_user.result
+++ b/mysql-test/main/alter_user.result
@ -15,11 +15,11 @@ localhost	root		Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y
 create user foo;
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0	mysql_native_password		N	N		0.000000
 alter user foo;
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0	mysql_native_password		N	N		0.000000
 # Test super privilege works correctly with a read only database.
 SET @start_read_only = @@global.read_only;
 SET GLOBAL read_only=1;
@ -51,15 +51,15 @@ Note	1396	Operation ALTER USER failed for 'boo'
 alter user foo identified by 'something';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N					0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N					0	0	0	0	mysql_native_password	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N		0.000000
 alter user foo identified by 'something2';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*9CD58369E930E28C8996A89DB18B63294E6DC10C	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N					0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N					0	0	0	0	mysql_native_password	*9CD58369E930E28C8996A89DB18B63294E6DC10C	N	N		0.000000
 alter user foo identified by password '*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N					0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N					0	0	0	0	mysql_native_password	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N		0.000000
 alter user foo identified with 'somecoolplugin';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
@ -72,16 +72,16 @@ Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	D
 alter user foo identified by 'something' require SSL;
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	ANY				0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	ANY				0	0	0	0	mysql_native_password	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N		0.000000
 alter user foo identified by 'something' require X509;
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	X509				0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	X509				0	0	0	0	mysql_native_password	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N		0.000000
 alter user foo identified by 'something'
 require cipher 'text' issuer 'foo_issuer' subject 'foo_subject';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	SPECIFIED	text	foo_issuer	foo_subject	0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	SPECIFIED	text	foo_issuer	foo_subject	0	0	0	0	mysql_native_password	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N		0.000000
 # Test resource limits altering.
 alter user foo with MAX_QUERIES_PER_HOUR 10
 MAX_UPDATES_PER_HOUR 20
@ -89,5 +89,5 @@ MAX_CONNECTIONS_PER_HOUR 30
 MAX_USER_CONNECTIONS 40;
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	SPECIFIED	text	foo_issuer	foo_subject	10	20	30	40			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	N	N	N	N	N	Y	N	N	N	N	SPECIFIED	text	foo_issuer	foo_subject	10	20	30	40	mysql_native_password	*88C89BE093D4ECF72D039F62EBB7477EA1FD4D63	N	N		0.000000
 drop user foo;
--- a/mysql-test/main/connect.result
+++ b/mysql-test/main/connect.result
@ -98,7 +98,7 @@ ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
 connect(localhost,test,zorro,test,MASTER_PORT,MASTER_SOCKET);
 connect  fail_con,localhost,test,zorro,;
 ERROR 28000: Access denied for user 'test'@'localhost' (using password: YES)
-update mysql.user set password=old_password("gambling2") where user=_binary"test";
+update mysql.user set plugin="", authentication_string="", password=old_password("gambling2") where user=_binary"test";
 flush privileges;
 connect  con10,localhost,test,gambling2,;
 connect  con5,localhost,test,gambling2,mysql;
@ -364,8 +364,8 @@ update mysql.user set plugin='mysql_old_password' where user = 'mysqltest_up2';
 select user, password, plugin, authentication_string from mysql.user
 where user like 'mysqltest_up_';
 user	password	plugin	authentication_string
-mysqltest_up1	*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB	mysql_native_password	
-mysqltest_up2	09301740536db389	mysql_old_password	
+mysqltest_up1		mysql_native_password	*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB
+mysqltest_up2		mysql_old_password	09301740536db389
 flush privileges;
 connect pcon6,localhost,mysqltest_up1,bar,,$MASTER_MYPORT,;
 connection pcon6;
--- a/mysql-test/main/connect.test
+++ b/mysql-test/main/connect.test
@ -66,7 +66,7 @@ connect (fail_con,localhost,test,zorro,test2);
 connect (fail_con,localhost,test,zorro,);

 # check if old password version also works
-update mysql.user set password=old_password("gambling2") where user=_binary"test";
+update mysql.user set plugin="", authentication_string="", password=old_password("gambling2") where user=_binary"test";
 flush privileges;

 connect (con10,localhost,test,gambling2,);
--- a/mysql-test/main/create_drop_user.result
+++ b/mysql-test/main/create_drop_user.result
@ -1,22 +1,22 @@
 CREATE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw1';
-SELECT password FROM mysql.user WHERE user='u1';
-password
-*2B602296A79E0A8784ACC5C88D92E46588CCA3C3
+SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
+plugin	authentication_string
+mysql_native_password	*2B602296A79E0A8784ACC5C88D92E46588CCA3C3
 CREATE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw2';
 Warnings:
 Note	1973	Can't create user 'u1'@'localhost'; it already exists
-SELECT password FROM mysql.user WHERE user='u1';
-password
-*2B602296A79E0A8784ACC5C88D92E46588CCA3C3
+SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
+plugin	authentication_string
+mysql_native_password	*2B602296A79E0A8784ACC5C88D92E46588CCA3C3
 CREATE OR REPLACE USER u1@localhost IDENTIFIED BY 'pw3';
-SELECT password FROM mysql.user WHERE user='u1';
-password
-*77B4A70CEFD76DB9415F36D291E74C110D2738E0
+SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
+plugin	authentication_string
+mysql_native_password	*77B4A70CEFD76DB9415F36D291E74C110D2738E0
 CREATE OR REPLACE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw4';
 ERROR HY000: Incorrect usage of OR REPLACE and IF NOT EXISTS
-SELECT password FROM mysql.user WHERE user='u1';
-password
-*77B4A70CEFD76DB9415F36D291E74C110D2738E0
+SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';
+plugin	authentication_string
+mysql_native_password	*77B4A70CEFD76DB9415F36D291E74C110D2738E0
 DROP USER IF EXISTS u1@localhost;
 DROP USER IF EXISTS u1@localhost;
 Warnings:
--- a/mysql-test/main/create_drop_user.test
+++ b/mysql-test/main/create_drop_user.test
@ -1,17 +1,17 @@
 --source include/not_embedded.inc

 CREATE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw1';
-SELECT password FROM mysql.user WHERE user='u1';
+SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';

 CREATE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw2';
-SELECT password FROM mysql.user WHERE user='u1';
+SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';

 CREATE OR REPLACE USER u1@localhost IDENTIFIED BY 'pw3';
-SELECT password FROM mysql.user WHERE user='u1';
+SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';

 --error ER_WRONG_USAGE
 CREATE OR REPLACE USER IF NOT EXISTS u1@localhost IDENTIFIED BY 'pw4';
-SELECT password FROM mysql.user WHERE user='u1';
+SELECT plugin,authentication_string FROM mysql.user WHERE user='u1';

 DROP USER IF EXISTS u1@localhost;
 DROP USER IF EXISTS u1@localhost;
--- a/mysql-test/main/create_user.result
+++ b/mysql-test/main/create_user.result
@ -1,57 +1,57 @@
 create user foo;
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0	mysql_native_password		N	N		0.000000
 drop user foo;
 create user foo identified by 'password';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0	mysql_native_password	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N		0.000000
 drop user foo;
 create user foo identified by 'password' require SSL;
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	ANY				0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	ANY				0	0	0	0	mysql_native_password	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N		0.000000
 drop user foo;
 create user foo identified by 'password' require X509;
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	X509				0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	X509				0	0	0	0	mysql_native_password	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N		0.000000
 drop user foo;
 create user foo identified by 'password' require CIPHER 'cipher';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher			0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher			0	0	0	0	mysql_native_password	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N		0.000000
 drop user foo;
 create user foo identified by 'password' require ISSUER 'issuer';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED		issuer		0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED		issuer		0	0	0	0	mysql_native_password	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N		0.000000
 drop user foo;
 create user foo identified by 'password' require SUBJECT 'subject';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED			subject	0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED			subject	0	0	0	0	mysql_native_password	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N		0.000000
 drop user foo;
 create user foo identified by 'password' require CIPHER 'cipher'
                                                   SUBJECT 'subject';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher		subject	0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher		subject	0	0	0	0	mysql_native_password	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N		0.000000
 drop user foo;
 create user foo identified by 'password' require CIPHER 'cipher' 
 AND SUBJECT 'subject'
                                                   AND ISSUER 'issuer';
 select * from mysql.user where user = 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher	issuer	subject	0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher	issuer	subject	0	0	0	0	mysql_native_password	*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19	N	N		0.000000
 drop user foo;
 create user foo, foo2 identified by 'password' require CIPHER 'cipher' 
 AND SUBJECT 'subject'
                                                   AND ISSUER 'issuer';
 select * from mysql.user where user like 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher	issuer	subject	0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher	issuer	subject	0	0	0	0	mysql_native_password		N	N		0.000000
 #--warning ER_USER_CREATE_EXISTS
 create user if not exists foo, foo2 identified by 'password2'
    require CIPHER 'cipher2' AND SUBJECT 'subject2' AND ISSUER 'issuer2';
@ -60,7 +60,7 @@ Note	1973	Can't create user 'foo'@'%'; it already exists
 Note	1973	Can't create user 'foo2'@'%'; it already exists
 select * from mysql.user where user like 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher	issuer	subject	0	0	0	0			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	SPECIFIED	cipher	issuer	subject	0	0	0	0	mysql_native_password		N	N		0.000000
 drop user foo, foo2;
 create user foo with MAX_QUERIES_PER_HOUR 10
 MAX_UPDATES_PER_HOUR 20
@ -68,5 +68,5 @@ MAX_CONNECTIONS_PER_HOUR 30
 MAX_USER_CONNECTIONS 40;
 select * from mysql.user where user like 'foo';
 Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	Delete_history_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role	max_statement_time
-%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					10	20	30	40			N	N		0.000000
+%	foo		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					10	20	30	40	mysql_native_password		N	N		0.000000
 drop user foo;
--- a/mysql-test/main/grant.result
+++ b/mysql-test/main/grant.result
@ -58,7 +58,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -134,7 +134,7 @@ max_questions	10
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -186,7 +186,7 @@ max_questions	10
 max_updates	20
 max_connections	30
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
--- a/mysql-test/main/grant2.result
+++ b/mysql-test/main/grant2.result
@ -181,19 +181,19 @@ grant select on *.* to 'mysqltest_2';
 grant insert on test.* to 'mysqltest_2';
 grant update on test.t1 to 'mysqltest_2';
 grant update (c2) on test.t2 to 'mysqltest_2';
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
-host	user	password
-%	mysqltest_1	
-%	mysqltest_2	*BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
-%	mysqltest_3	fffffffffffffffffffffffffffffffffffffffff
-select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
+host	user	password	plugin	authentication_string
+%	mysqltest_1		mysql_native_password	
+%	mysqltest_2		mysql_native_password	*BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
+%	mysqltest_3		mysql_native_password	fffffffffffffffffffffffffffffffffffffffff
+select host,db,user from mysql.db where user like 'mysqltest_%';
 host	db	user
 %	test	mysqltest_2
-select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
+select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
 host	db	user	table_name
 %	test	mysqltest_2	t1
 %	test	mysqltest_2	t2
-select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
+select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
 host	db	user	table_name	column_name
 %	test	mysqltest_2	t2	c2
 show grants for 'mysqltest_1';
@ -206,35 +206,35 @@ GRANT INSERT ON "test".* TO 'mysqltest_2'@'%'
 GRANT UPDATE (c2) ON "test"."t2" TO 'mysqltest_2'@'%'
 GRANT UPDATE ON "test"."t1" TO 'mysqltest_2'@'%'
 drop user 'mysqltest_1';
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
-host	user	password
-%	mysqltest_2	*BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
-%	mysqltest_3	fffffffffffffffffffffffffffffffffffffffff
-select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
+host	user	password	plugin	authentication_string
+%	mysqltest_2		mysql_native_password	*BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
+%	mysqltest_3		mysql_native_password	fffffffffffffffffffffffffffffffffffffffff
+select host,db,user from mysql.db where user like 'mysqltest_%';
 host	db	user
 %	test	mysqltest_2
-select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
+select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
 host	db	user	table_name
 %	test	mysqltest_2	t1
 %	test	mysqltest_2	t2
-select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
+select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
 host	db	user	table_name	column_name
 %	test	mysqltest_2	t2	c2
 show grants for 'mysqltest_1';
 ERROR 42000: There is no such grant defined for user 'mysqltest_1' on host '%'
 rename user 'mysqltest_2' to 'mysqltest_1';
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
-host	user	password
-%	mysqltest_1	*BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
-%	mysqltest_3	fffffffffffffffffffffffffffffffffffffffff
-select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
+host	user	password	plugin	authentication_string
+%	mysqltest_1		mysql_native_password	*BD447CBA355AF58578D3AE33BA2E2CD388BA08D1
+%	mysqltest_3		mysql_native_password	fffffffffffffffffffffffffffffffffffffffff
+select host,db,user from mysql.db where user like 'mysqltest_%' ;
 host	db	user
 %	test	mysqltest_1
-select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
+select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' ;
 host	db	user	table_name
 %	test	mysqltest_1	t1
 %	test	mysqltest_1	t2
-select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
+select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' ;
 host	db	user	table_name	column_name
 %	test	mysqltest_1	t2	c2
 show grants for 'mysqltest_1';
@ -254,21 +254,21 @@ ERROR 42000: There is no such grant defined for user 'mysqltest_1' on host '%'
 revoke all privileges, grant option from 'mysqltest_1';
 ERROR HY000: Can't revoke all privileges for one or more of the requested users
 drop user 'mysqltest_1';
-select host,db,user from mysql.db where user = 'mysqltest_1' order by host,db,user;
+select host,db,user from mysql.db where user = 'mysqltest_1' ;
 host	db	user
 insert into mysql.tables_priv set host='%', db='test', user='mysqltest_1', table_name='t1';
 flush privileges;
 show grants for 'mysqltest_1';
 ERROR 42000: There is no such grant defined for user 'mysqltest_1' on host '%'
 drop user 'mysqltest_1';
-select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' order by host,db,user,table_name;
+select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' ;
 host	db	user	table_name
 insert into mysql.columns_priv set host='%', db='test', user='mysqltest_1', table_name='t1', column_name='c1';
 flush privileges;
 show grants for 'mysqltest_1';
 ERROR 42000: There is no such grant defined for user 'mysqltest_1' on host '%'
 drop user 'mysqltest_1';
-select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' order by host,db,user,table_name,column_name;
+select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' ;
 host	db	user	table_name	column_name
 create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
 drop user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
@ -310,7 +310,7 @@ create user mysqltest_2@localhost;
 grant create user on *.* to mysqltest_2@localhost;
 connect  user3,localhost,mysqltest_2,,;
 connection user3;
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
 ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 'user'
 create user mysqltest_A@'%';
 rename user mysqltest_A@'%' to mysqltest_B@'%';
@ -326,7 +326,7 @@ show grants;
 Grants for mysqltest_3@localhost
 GRANT USAGE ON *.* TO 'mysqltest_3'@'localhost'
 GRANT INSERT, UPDATE, DELETE ON `mysql`.* TO 'mysqltest_3'@'localhost'
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
 ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for table 'user'
 insert into mysql.user set host='%', user='mysqltest_B';
 Warnings:
@ -555,29 +555,26 @@ End of 5.0 tests
 USE mysql;
 SELECT LEFT(CURRENT_USER(),INSTR(CURRENT_USER(),'@')-1) INTO @u;
 SELECT MID(CURRENT_USER(),INSTR(CURRENT_USER(),'@')+1)  INTO @h;
-SELECT password FROM user WHERE user=@u AND host=@h INTO @pwd;
-Warnings:
-Warning	1287	'<select expression> INTO <destination>;' is deprecated and will be removed in a future release. Please use 'SELECT <select list> INTO <destination> FROM...' instead
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
-user	host	password	insert_priv
-root	localhost		Y
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
+user	host	password	plugin	authentication_string	insert_priv
+root	localhost				Y
 UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
-user	host	password	insert_priv
-root	localhost		N
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
+user	host	password	plugin	authentication_string	insert_priv
+root	localhost				N
 GRANT INSERT ON *.* TO CURRENT_USER();
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
-user	host	password	insert_priv
-root	localhost		Y
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
+user	host	password	plugin	authentication_string	insert_priv
+root	localhost				Y
 UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
 GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose';
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
-user	host	password	insert_priv
-root	localhost	*0BB7188CF0DE9B403BA66E9DD810D82652D002EB	Y
-UPDATE user SET password=@pwd WHERE user=@u AND host=@h;
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
-user	host	password	insert_priv
-root	localhost		Y
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
+user	host	password	plugin	authentication_string	insert_priv
+root	localhost		mysql_native_password	*0BB7188CF0DE9B403BA66E9DD810D82652D002EB	Y
+UPDATE user SET plugin='', authentication_string='' WHERE user=@u AND host=@h;
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
+user	host	password	plugin	authentication_string	insert_priv
+root	localhost				Y
 FLUSH PRIVILEGES;
 USE test;
 End of 5.1 tests
--- a/mysql-test/main/grant2.test
+++ b/mysql-test/main/grant2.test
@ -231,28 +231,40 @@ grant select on *.* to 'mysqltest_2';
 grant insert on test.* to 'mysqltest_2';
 grant update on test.t1 to 'mysqltest_2';
 grant update (c2) on test.t2 to 'mysqltest_2';
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
-select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
-select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
-select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
+--sorted_result
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
+--sorted_result
+select host,db,user from mysql.db where user like 'mysqltest_%';
+--sorted_result
+select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
+--sorted_result
+select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
 show grants for 'mysqltest_1';
 show grants for 'mysqltest_2';
 #
 # Drop
 drop user 'mysqltest_1';
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
-select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
-select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
-select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
+--sorted_result
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%';
+--sorted_result
+select host,db,user from mysql.db where user like 'mysqltest_%';
+--sorted_result
+select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%';
+--sorted_result
+select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%';
 --error ER_NONEXISTING_GRANT
 show grants for 'mysqltest_1';
 #
 # Rename
 rename user 'mysqltest_2' to 'mysqltest_1';
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
-select host,db,user from mysql.db where user like 'mysqltest_%' order by host,db,user;
-select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' order by host,db,user,table_name;
-select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' order by host,db,user,table_name,column_name;
+--sorted_result
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
+--sorted_result
+select host,db,user from mysql.db where user like 'mysqltest_%' ;
+--sorted_result
+select host,db,user,table_name from mysql.tables_priv where user like 'mysqltest_%' ;
+--sorted_result
+select host,db,user,table_name,column_name from mysql.columns_priv where user like 'mysqltest_%' ;
 show grants for 'mysqltest_1';
 drop user 'mysqltest_1', 'mysqltest_3';
 --error ER_CANNOT_USER
@ -269,7 +281,8 @@ show grants for 'mysqltest_1';
 --error ER_REVOKE_GRANTS
 revoke all privileges, grant option from 'mysqltest_1';
 drop user 'mysqltest_1';
-select host,db,user from mysql.db where user = 'mysqltest_1' order by host,db,user;
+--sorted_result
+select host,db,user from mysql.db where user = 'mysqltest_1' ;
 #
 # Add a stray record
 insert into mysql.tables_priv set host='%', db='test', user='mysqltest_1', table_name='t1';
@ -277,7 +290,8 @@ flush privileges;
 --error ER_NONEXISTING_GRANT
 show grants for 'mysqltest_1';
 drop user 'mysqltest_1';
-select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' order by host,db,user,table_name;
+--sorted_result
+select host,db,user,table_name from mysql.tables_priv where user = 'mysqltest_1' ;
 #
 # Add a stray record
 insert into mysql.columns_priv set host='%', db='test', user='mysqltest_1', table_name='t1', column_name='c1';
@ -285,7 +299,8 @@ flush privileges;
 --error ER_NONEXISTING_GRANT
 show grants for 'mysqltest_1';
 drop user 'mysqltest_1';
-select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' order by host,db,user,table_name,column_name;
+--sorted_result
+select host,db,user,table_name,column_name from mysql.columns_priv where user = 'mysqltest_1' ;
 #
 # Handle multi user lists
 create user 'mysqltest_1', 'mysqltest_2', 'mysqltest_3';
@ -330,7 +345,7 @@ grant create user on *.* to mysqltest_2@localhost;
 connect (user3,localhost,mysqltest_2,,);
 connection user3;
 --error ER_TABLEACCESS_DENIED_ERROR
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
 create user mysqltest_A@'%';
 rename user mysqltest_A@'%' to mysqltest_B@'%';
 drop user mysqltest_B@'%';
@ -345,7 +360,7 @@ connect (user4,localhost,mysqltest_3,,);
 connection user4;
 show grants;
 --error ER_TABLEACCESS_DENIED_ERROR
-select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
+select host,user,password,plugin,authentication_string from mysql.user where user like 'mysqltest_%' ;
 insert into mysql.user set host='%', user='mysqltest_B';
 create user mysqltest_A@'%';
 rename user mysqltest_B@'%' to mysqltest_C@'%';
@ -642,26 +657,25 @@ DROP DATABASE db1;
 USE mysql;
 SELECT LEFT(CURRENT_USER(),INSTR(CURRENT_USER(),'@')-1) INTO @u;
 SELECT MID(CURRENT_USER(),INSTR(CURRENT_USER(),'@')+1)  INTO @h;
-SELECT password FROM user WHERE user=@u AND host=@h INTO @pwd;

 # show current privs.
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;

 # toggle INSERT
 UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;

 # show that GRANT ... TO CURRENT_USER() no longer crashes
 GRANT INSERT ON *.* TO CURRENT_USER();
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
 UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;

 # show that GRANT ... TO CURRENT_USER() IDENTIFIED BY ... works now
 GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose';
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;

-UPDATE user SET password=@pwd WHERE user=@u AND host=@h;
-SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
+UPDATE user SET plugin='', authentication_string='' WHERE user=@u AND host=@h;
+SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;

 FLUSH PRIVILEGES;

--- a/mysql-test/main/grant4.result
+++ b/mysql-test/main/grant4.result
@ -199,14 +199,14 @@ grant select on test.* to foo7 identified via mysql_native_password using '11111
 grant select on test.* to foo8 identified via mysql_old_password using '2222222222222222';
 select user,password,plugin,authentication_string from mysql.user where user like 'foo%';
 user	password	plugin	authentication_string
-foo1	11111111111111111111111111111111111111111		
-foo2	2222222222222222		
-foo3	11111111111111111111111111111111111111111		
-foo4	2222222222222222		
-foo5	11111111111111111111111111111111111111111		
-foo6	2222222222222222		
-foo7	11111111111111111111111111111111111111111		
-foo8	2222222222222222		
+foo1		mysql_native_password	11111111111111111111111111111111111111111
+foo2		mysql_old_password	2222222222222222
+foo3		mysql_native_password	11111111111111111111111111111111111111111
+foo4		mysql_old_password	2222222222222222
+foo5		mysql_native_password	11111111111111111111111111111111111111111
+foo6		mysql_old_password	2222222222222222
+foo7		mysql_native_password	11111111111111111111111111111111111111111
+foo8		mysql_old_password	2222222222222222
 drop user foo1;
 drop user foo2;
 drop user foo3;
--- a/mysql-test/main/init_file_set_password-7656.result
+++ b/mysql-test/main/init_file_set_password-7656.result
@ -2,7 +2,7 @@ create user foo@localhost;
 select user,host,password from mysql.user where user='foo';
 user	host	password
 foo	localhost	
-select user,host,password from mysql.user where user='foo';
-user	host	password
-foo	localhost	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
+select user,host,password,plugin,authentication_string from mysql.user where user='foo';
+user	host	password	plugin	authentication_string
+foo	localhost		mysql_native_password	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
 drop user foo@localhost;
--- a/mysql-test/main/init_file_set_password-7656.test
+++ b/mysql-test/main/init_file_set_password-7656.test
@ -21,6 +21,6 @@ EOF
 --exec echo "restart:--init-file=$MYSQLTEST_VARDIR/init.file  " > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect

 --source include/wait_until_connected_again.inc
-select user,host,password from mysql.user where user='foo';
+select user,host,password,plugin,authentication_string from mysql.user where user='foo';

 drop user foo@localhost;
--- a/mysql-test/main/no_password_column-mdev-11170.result
+++ b/mysql-test/main/no_password_column-mdev-11170.result
@ -87,7 +87,7 @@ select user, host, select_priv, plugin, authentication_string from mysql.user
 where user like "%oo"
 order by user;
 user	host	select_priv	plugin	authentication_string
-foo	%	N		
+foo	%	N	mysql_native_password	
 goo	%	N	mysql_native_password	*F3A2A51A9B0F2BE2468926B4132313728C250DBF
 ioo	%	N	mysql_old_password	7a8f886d28473e85
 #
--- a/mysql-test/main/plugin_auth_qa.result
+++ b/mysql-test/main/plugin_auth_qa.result
@ -106,7 +106,7 @@ CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 plug	test_plugin_server	plug_dest
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER plug, plug_dest;
 CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
@ -116,7 +116,7 @@ DROP USER plug;
 CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER plug_dest;
 GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
@ -126,7 +126,7 @@ CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 plug	test_plugin_server	plug_dest
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER plug, plug_dest;
 GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
@ -136,7 +136,7 @@ DROP USER plug;
 CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER plug_dest;
 CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
@ -146,7 +146,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_pas
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 plug	test_plugin_server	plug_dest
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER plug, plug_dest;
 CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
@ -156,7 +156,7 @@ DROP USER plug;
 GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER plug_dest;
 CREATE USER plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
 GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH 'test_plugin_server' AS 'plug_dest';
@ -175,7 +175,7 @@ plug	test_plugin_server	plug_dest
 GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string	password
-plug			*939AEE68989794C0F408277411C26055CDF41119
+plug	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119	
 DROP USER plug;
 GRANT ALL PRIVILEGES ON test_user_db.* TO plug IDENTIFIED WITH test_plugin_server AS 'plug_dest';
 CREATE USER plug IDENTIFIED BY 'plug_dest_passwd';
@ -209,7 +209,7 @@ DROP USER plüg;
 CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plüg_dest		
+plüg_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER plüg_dest;
 SET NAMES ascii;
 CREATE USER 'plüg' IDENTIFIED WITH 'test_plugin_server' AS 'plüg_dest';
@ -220,7 +220,7 @@ DROP USER 'plüg';
 CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-pl??g_dest		
+pl??g_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER 'plüg_dest';
 SET NAMES latin1;
 ========== test 1.1.1.5 ====================================
@ -234,7 +234,7 @@ DROP USER 'plug';
 CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plüg_dest		
+plüg_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER 'plüg_dest';
 SET NAMES utf8;
 CREATE USER plüg IDENTIFIED WITH 'test_plügin_server' AS 'plüg_dest';
@ -247,7 +247,7 @@ DROP USER 'plüg';
 CREATE USER 'plüg_dest' IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plüg_dest		
+plüg_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER 'plüg_dest';
 CREATE USER plüg IDENTIFIED WITH test_plugin_server AS 'plüg_dest';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
@ -257,7 +257,7 @@ DROP USER plüg;
 CREATE USER plüg_dest IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plüg_dest		
+plüg_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER plüg_dest;
 ========== test 1.1.1.2/1.1.2.2=============================
 SET @auth_name= 'test_plugin_server';
@ -277,7 +277,7 @@ DROP USER plug;
 CREATE USER 'hh''s_plug_dest' IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-hh's_plug_dest		
+hh's_plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 DROP USER 'hh''s_plug_dest';
 ========== test 1.1.1.4 ====================================
 CREATE USER plug IDENTIFIED WITH hh''s_test_plugin_server AS 'plug_dest';
@ -293,7 +293,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 grant_user	test_plugin_server	plug_dest
-plug_dest		
+plug_dest	mysql_native_password	
 DROP USER grant_user,plug_dest;
 set @save_sql_mode= @@sql_mode;
 SET @@sql_mode=no_auto_create_user;
@ -314,13 +314,13 @@ CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string	password
 grant_user	test_plugin_server	plug_dest	
-plug_dest			*939AEE68989794C0F408277411C26055CDF41119
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119	
 DROP USER plug_dest;
 GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_user_passwd';
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string	password
 grant_user	test_plugin_server	plug_dest	
-plug_dest			*560881EB651416CEF77314D07D55EDCD5FC1BD6D
+plug_dest	mysql_native_password	*560881EB651416CEF77314D07D55EDCD5FC1BD6D	
 DROP USER grant_user,plug_dest;
 set @@sql_mode= @save_sql_mode;
 DROP DATABASE test_user_db;
--- a/mysql-test/main/plugin_auth_qa_1.result
+++ b/mysql-test/main/plugin_auth_qa_1.result
@ -20,7 +20,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_pas
 GRANT PROXY ON plug_dest TO plug_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 1)
 current_user()
@ -71,7 +71,7 @@ GRANT PROXY ON new_dest TO plug_user;
 ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-new_dest		
+new_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 DROP USER plug_user,new_dest;
 CREATE USER plug_user
@ -89,7 +89,7 @@ GRANT PROXY ON new_dest TO plug_user;
 ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-new_dest		
+new_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 DROP USER plug_user,new_dest;
 CREATE USER plug_user
@ -111,13 +111,13 @@ connection default;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 new_user	test_plugin_server	plug_dest
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 disconnect plug_user;
 UPDATE mysql.user SET user='plug_user' WHERE user='new_user';
 FLUSH PRIVILEGES;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 DROP USER plug_dest,plug_user;
 ========== test 1.3 ========================================
@ -133,26 +133,26 @@ connection default;
 disconnect plug_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 UPDATE mysql.user SET user='new_user' WHERE user='plug_user';
 FLUSH PRIVILEGES;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 new_user	test_plugin_server	plug_dest
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 UPDATE mysql.user SET authentication_string='new_dest' WHERE user='new_user';
 FLUSH PRIVILEGES;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 new_user	test_plugin_server	new_dest
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 UPDATE mysql.user SET plugin='new_plugin_server' WHERE user='new_user';
 FLUSH PRIVILEGES;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 new_user	new_plugin_server	new_dest
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 ERROR HY000: Plugin 'new_plugin_server' is not loaded
 UPDATE mysql.user SET plugin='test_plugin_server' WHERE user='new_user';
 UPDATE mysql.user SET USER='new_dest' WHERE user='plug_dest';
@ -160,7 +160,7 @@ FLUSH PRIVILEGES;
 GRANT PROXY ON new_dest TO new_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-new_dest		
+new_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 new_user	test_plugin_server	new_dest
 connect plug_user,localhost,new_user,new_dest;
 select USER(),CURRENT_USER();
@ -173,9 +173,9 @@ FLUSH PRIVILEGES;
 CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-new_dest		
+new_dest	mysql_native_password	*01422E86A6FFF84618914AF149F9AEF64B84170A
 new_user	test_plugin_server	new_dest
-plug_dest		
+plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 GRANT ALL PRIVILEGES ON test.* TO new_user;
 connect plug_user,localhost,new_dest,new_dest_passwd;
 select USER(),CURRENT_USER();
@ -190,7 +190,7 @@ CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 	test_plugin_server	proxied_user
-proxied_user		
+proxied_user	mysql_native_password	*D7A51428CD38DB3C5293B9321DA1228BFB1611DD
 connect proxy_con,localhost,proxied_user,proxied_user_passwd;
 SELECT USER(),CURRENT_USER();
 USER()	CURRENT_USER()
@ -226,7 +226,7 @@ CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 	test_plugin_server	proxied_user
-proxied_user		
+proxied_user	mysql_native_password	*D7A51428CD38DB3C5293B9321DA1228BFB1611DD
 connect proxy_con,localhost,proxied_user,proxied_user_passwd;
 SELECT USER(),CURRENT_USER();
 USER()	CURRENT_USER()
@ -268,11 +268,11 @@ GRANT PROXY ON proxied_user_5 TO ''@'%%';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
 	test_plugin_server	proxied_user
-proxied_user_1		
-proxied_user_2		
-proxied_user_3		
-proxied_user_4		
-proxied_user_5		
+proxied_user_1	mysql_native_password	*551D5A5177FCC3340F7D2FB0F4D8D1EEA7F7EF71
+proxied_user_2	mysql_native_password	*3D948F77C6A988AFDCA9755AB2A6724362557220
+proxied_user_3	mysql_native_password	*41A18925D237DEE738C76581153990B037F462E3
+proxied_user_4	mysql_native_password	*F990073A9B96FF535C2D0721406042B8751E593F
+proxied_user_5	mysql_native_password	*5AA915C5D0B5B1336336FD2BF7768BC09FD1F5B2
 connect proxy_con_1,localhost,proxied_user_1,'proxied_user_1_pwd';
 connect proxy_con_2,localhost,proxied_user_2,proxied_user_2_pwd;
 connect proxy_con_3,localhost,proxied_user_3,proxied_user_3_pwd;
--- a/mysql-test/main/plugin_auth_qa_2.result
+++ b/mysql-test/main/plugin_auth_qa_2.result
@ -7,7 +7,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_pas
 GRANT PROXY ON qa_test_1_dest TO qa_test_1_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-qa_test_1_dest		
+qa_test_1_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_1_user	qa_auth_interface	qa_test_1_dest
 SELECT @@proxy_user;
@@proxy_user
@ -20,7 +20,7 @@ current_user()	user()	@@local.proxy_user	@@local.external_user
 qa_test_1_user@%	qa_test_1_user@localhost	NULL	NULL
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-qa_test_1_dest		
+qa_test_1_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_1_user	qa_auth_interface	qa_test_1_dest
 DROP USER qa_test_1_user;
 DROP USER qa_test_1_dest;
@ -33,8 +33,8 @@ GRANT PROXY ON qa_test_2_dest TO qa_test_2_user;
 GRANT PROXY ON authenticated_as TO qa_test_2_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-authenticated_as		
-qa_test_2_dest		
+authenticated_as	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
+qa_test_2_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_2_user	qa_auth_interface	qa_test_2_dest
 SELECT @@proxy_user;
@@proxy_user
@ -47,8 +47,8 @@ current_user()	user()	@@local.proxy_user	@@local.external_user
 authenticated_as@%	user_name@localhost	'qa_test_2_user'@'%'	externaluser
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-authenticated_as		
-qa_test_2_dest		
+authenticated_as	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
+qa_test_2_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_2_user	qa_auth_interface	qa_test_2_dest
 DROP USER qa_test_2_user;
 DROP USER qa_test_2_dest;
@ -83,8 +83,8 @@ GRANT PROXY ON qa_test_5_dest TO qa_test_5_user;
 GRANT PROXY ON qa_test_5_dest TO ''@'localhost';
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string	password
-			*DFCACE76914AD7BD801FC1A1ECF6562272621A22
-qa_test_5_dest			*DFCACE76914AD7BD801FC1A1ECF6562272621A22
+	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22	
+qa_test_5_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22	
 qa_test_5_user	qa_auth_interface	qa_test_5_dest	
 exec MYSQL -h localhost -P MASTER_MYPORT --user=qa_test_5_user  --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
 ERROR 1045 (28000): Access denied for user 'qa_test_5_user'@'localhost' (using password: YES)
@ -98,21 +98,21 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_pas
 GRANT PROXY ON qa_test_6_dest TO qa_test_6_user;
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string	password
-qa_test_6_dest			*DFCACE76914AD7BD801FC1A1ECF6562272621A22
+qa_test_6_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22	
 qa_test_6_user	qa_auth_interface	qa_test_6_dest	
 exec MYSQL -h localhost -P MASTER_MYPORT --user=qa_test_6_user  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
 ERROR 1045 (28000): Access denied for user 'qa_test_6_user'@'localhost' (using password: YES)
 GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string	password
-qa_test_6_dest			*DFCACE76914AD7BD801FC1A1ECF6562272621A22
+qa_test_6_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22	
 qa_test_6_user	qa_auth_interface	qa_test_6_dest	
 exec MYSQL -h localhost -P MASTER_MYPORT --user=root  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
 ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
 REVOKE PROXY ON qa_test_6_dest FROM root;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 user	plugin	authentication_string
-qa_test_6_dest		
+qa_test_6_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_6_user	qa_auth_interface	qa_test_6_dest
 exec MYSQL -h localhost -P MASTER_MYPORT --user=root  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
 ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
--- a/mysql-test/main/set_password.result
+++ b/mysql-test/main/set_password.result
@ -9,11 +9,11 @@ create user oldpassold@localhost identified with 'mysql_old_password';
 set password for oldpassold@localhost = '378b243e220ca493';
 select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
 user	host	password	plugin	authentication_string
-natauth	localhost	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29		
-newpass	localhost	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29		
+natauth	localhost		mysql_native_password	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
+newpass	localhost		mysql_native_password	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
 newpassnat	localhost		mysql_native_password	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
-oldauth	localhost	378b243e220ca493		
-oldpass	localhost	378b243e220ca493		
+oldauth	localhost		mysql_old_password	378b243e220ca493
+oldpass	localhost		mysql_old_password	378b243e220ca493
 oldpassold	localhost		mysql_old_password	378b243e220ca493
 connect con,localhost,natauth,test,;
 select current_user();
--- a/mysql-test/main/show_grants_with_plugin-7985.result
+++ b/mysql-test/main/show_grants_with_plugin-7985.result
@ -7,7 +7,7 @@ create user u1;
 GRANT SELECT ON mysql.* to u1 IDENTIFIED VIA mysql_native_password;
 select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
 user	host	password	plugin	authentication_string
-u1	%			
+u1	%		mysql_native_password	
 #
 # The user's grants should show no password at all.
 #
@ -43,7 +43,7 @@ GRANT SELECT ON mysql.* to u1 IDENTIFIED VIA mysql_native_password
 USING '*7AFEFD08B6B720E781FB000CAA418F54FA662626';
 select user, host, password, plugin, authentication_string from mysql.user where user = 'u1';
 user	host	password	plugin	authentication_string
-u1	%	*7AFEFD08B6B720E781FB000CAA418F54FA662626		
+u1	%		mysql_native_password	*7AFEFD08B6B720E781FB000CAA418F54FA662626
 #
 # Test to see if connecting with password is succesful.
 #
--- a/mysql-test/main/sp-security.result
+++ b/mysql-test/main/sp-security.result
@ -506,9 +506,9 @@ DROP DATABASE mysqltest;
 GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
 GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
 user19857@localhost;
-SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
-Host	User	Password
-localhost	user19857	*82DC221D557298F6CE9961037DB1C90604792F5C
+SELECT Host,User,Plugin,Authentication_string FROM mysql.user WHERE User='user19857';
+Host	User	Plugin	Authentication_string
+localhost	user19857	mysql_native_password	*82DC221D557298F6CE9961037DB1C90604792F5C
 connect  mysqltest_2_con,localhost,user19857,meow,test;
 connection mysqltest_2_con;
 USE test;
@ -533,9 +533,9 @@ connection mysqltest_2_con;
 DROP PROCEDURE IF EXISTS test.sp19857;
 connection con1root;
 disconnect mysqltest_2_con;
-SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
-Host	User	Password
-localhost	user19857	*82DC221D557298F6CE9961037DB1C90604792F5C
+SELECT Host,User,Plugin,Authentication_string FROM mysql.user WHERE User='user19857';
+Host	User	Plugin	Authentication_string
+localhost	user19857	mysql_native_password	*82DC221D557298F6CE9961037DB1C90604792F5C
 DROP USER user19857@localhost;
 disconnect con1root;
 connection default;
--- a/mysql-test/main/sp-security.test
+++ b/mysql-test/main/sp-security.test
@ -742,7 +742,7 @@ DROP DATABASE mysqltest;
 GRANT USAGE ON *.* TO user19857@localhost IDENTIFIED BY 'meow';
 GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ROUTINE, ALTER ROUTINE ON test.* TO
 user19857@localhost;
-SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
+SELECT Host,User,Plugin,Authentication_string FROM mysql.user WHERE User='user19857';

 --connect (mysqltest_2_con,localhost,user19857,meow,test)
 --connection mysqltest_2_con
@ -770,7 +770,7 @@ DROP PROCEDURE IF EXISTS test.sp19857;

 --disconnect mysqltest_2_con

-SELECT Host,User,Password FROM mysql.user WHERE User='user19857';
+SELECT Host,User,Plugin,Authentication_string FROM mysql.user WHERE User='user19857';

 DROP USER user19857@localhost;

--- a/mysql-test/main/sp_notembedded.result
+++ b/mysql-test/main/sp_notembedded.result
@ -324,7 +324,7 @@ DROP EVENT teste_bug11763507;
 # -- End of 5.1 tests
 # ------------------------------------------------------------------
 grant create routine on test.* to foo1@localhost identified by 'foo';
-update mysql.user set password = replace(password, '*', '-') where user='foo1';
+update mysql.user set authentication_string = replace(authentication_string, '*', '-') where user='foo1';
 connect  foo,localhost,foo1,foo;
 show grants;
 Grants for foo1@localhost
--- a/mysql-test/main/sp_notembedded.test
+++ b/mysql-test/main/sp_notembedded.test
@ -465,7 +465,7 @@ DROP EVENT teste_bug11763507;
 # (creating a new procedure changes the password)
 #
 grant create routine on test.* to foo1@localhost identified by 'foo';
-update mysql.user set password = replace(password, '*', '-') where user='foo1';
+update mysql.user set authentication_string = replace(authentication_string, '*', '-') where user='foo1';
 --connect (foo,localhost,foo1,foo)
 show grants;
 --connection default
--- a/mysql-test/suite/funcs_1/r/is_user_privileges.result
+++ b/mysql-test/suite/funcs_1/r/is_user_privileges.result
@ -128,7 +128,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -175,7 +175,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -222,7 +222,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -293,7 +293,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -340,7 +340,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -387,7 +387,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -444,7 +444,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -491,7 +491,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -538,7 +538,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -617,7 +617,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -664,7 +664,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -711,7 +711,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -782,7 +782,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -829,7 +829,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -876,7 +876,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -933,7 +933,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -980,7 +980,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1027,7 +1027,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1136,7 +1136,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1183,7 +1183,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1230,7 +1230,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1334,7 +1334,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1381,7 +1381,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1428,7 +1428,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1485,7 +1485,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1532,7 +1532,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1579,7 +1579,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1643,7 +1643,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1690,7 +1690,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1737,7 +1737,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1816,7 +1816,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1863,7 +1863,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
@ -1910,7 +1910,7 @@ max_questions	0
 max_updates	0
 max_connections	0
 max_user_connections	0
-plugin	
+plugin	mysql_native_password
 authentication_string	
 password_expired	N
 is_role	N
--- a/mysql-test/suite/plugins/r/simple_password_check.result
+++ b/mysql-test/suite/plugins/r/simple_password_check.result
@ -135,8 +135,10 @@ grant select on *.* to foo2 identified with mysql_old_password using '2222222222
 ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
 create user foo2 identified with mysql_native_password using '';
 ERROR HY000: Your password does not satisfy the current policy requirements
+grant select on *.* to foo2 identified with mysql_old_password using '';
+ERROR HY000: Your password does not satisfy the current policy requirements
 grant select on *.* to foo2 identified with mysql_old_password;
-ERROR 28000: Can't find any matching row in the user table
+ERROR HY000: Your password does not satisfy the current policy requirements
 update mysql.user set password='xxx' where user='foo1';
 set global strict_password_validation=0;
 set password for foo1 = '';
--- a/mysql-test/suite/plugins/t/simple_password_check.test
+++ b/mysql-test/suite/plugins/t/simple_password_check.test
@ -83,7 +83,9 @@ create user foo2 identified with mysql_native_password using '111111111111111111
 grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
 --error ER_NOT_VALID_PASSWORD
 create user foo2 identified with mysql_native_password using '';
--error ER_PASSWORD_NO_MATCH
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foo2 identified with mysql_old_password using '';
+--error ER_NOT_VALID_PASSWORD
 grant select on *.* to foo2 identified with mysql_old_password;

 # direct updates are not protected
--- a/mysql-test/suite/rpl/r/rpl_create_drop_user.result
+++ b/mysql-test/suite/rpl/r/rpl_create_drop_user.result
@ -17,15 +17,15 @@ CURRENT_USER
 u2@localhost
 disconnect user_a;
 connection master;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
-user	password
-u1	*D9553C4CE316A9845CE49E30A2D7E3857AF966C4
-u2	
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
+user	password	plugin	authentication_string
+u1		mysql_native_password	*D9553C4CE316A9845CE49E30A2D7E3857AF966C4
+u2		mysql_native_password	
 connection slave;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
-user	password
-u1	*D9553C4CE316A9845CE49E30A2D7E3857AF966C4
-u2	
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
+user	password	plugin	authentication_string
+u1		mysql_native_password	*D9553C4CE316A9845CE49E30A2D7E3857AF966C4
+u2		mysql_native_password	
 connection master;
 CREATE OR REPLACE USER u1@localhost IDENTIFIED BY 'abcdefghijk2';
 connect  user_a, localhost, u1,'abcdefghijk2',;
@ -35,25 +35,25 @@ CURRENT_USER
 u1@localhost
 disconnect user_a;
 connection master;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
-user	password
-u1	*A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
-u2	
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
+user	password	plugin	authentication_string
+u1		mysql_native_password	*A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
+u2		mysql_native_password	
 connection slave;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
-user	password
-u1	*A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
-u2	
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
+user	password	plugin	authentication_string
+u1		mysql_native_password	*A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
+u2		mysql_native_password	
 connection master;
 CREATE USER u1@localhost;
 ERROR HY000: Operation CREATE USER failed for 'u1'@'localhost'
 DROP USER u3@localhost;
 ERROR HY000: Operation DROP USER failed for 'u3'@'localhost'
 connection slave;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
-user	password
-u1	*A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
-u2	
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
+user	password	plugin	authentication_string
+u1		mysql_native_password	*A9A5EF53CE2EFAA6F4A746D63A917B2370971A7E
+u2		mysql_native_password	
 connection master;
 DROP USER IF EXISTS u1@localhost;
 DROP USER u2@localhost;
@ -61,6 +61,6 @@ DROP USER IF EXISTS u3@localhost;
 Warnings:
 Note	1974	Can't drop user 'u3'@'localhost'; it doesn't exist
 connection slave;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
-user	password
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
+user	password	plugin	authentication_string
 include/rpl_end.inc
--- a/mysql-test/suite/rpl/r/rpl_innodb_mixed_dml.result
+++ b/mysql-test/suite/rpl/r/rpl_innodb_mixed_dml.result
@ -482,36 +482,36 @@ SET TRANSACTION ISOLATION LEVEL SERIALIZABLE;
 CREATE USER 'user_test_rpl'@'localhost' IDENTIFIED BY PASSWORD '*1111111111111111111111111111111111111111';
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			N
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	N
 connection slave;
 USE test_rpl;
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			N
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	N
 connection master;

 ******************** GRANT ********************
 GRANT SELECT ON *.* TO 'user_test_rpl'@'localhost';
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			Y
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	Y
 connection slave;
 USE test_rpl;
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			Y
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	Y
 connection master;

 ******************** REVOKE ********************
 REVOKE SELECT ON *.* FROM 'user_test_rpl'@'localhost';
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			N
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	N
 connection slave;
 USE test_rpl;
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			N
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	N
 connection master;

 ******************** SET PASSWORD ********************
--- a/mysql-test/suite/rpl/t/rpl_create_drop_user.test
+++ b/mysql-test/suite/rpl/t/rpl_create_drop_user.test
@ -15,9 +15,11 @@ SELECT CURRENT_USER;
 disconnect user_a;

 connection master;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
+--sorted_result
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
 sync_slave_with_master;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
+--sorted_result
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;

 connection master;
 CREATE OR REPLACE USER u1@localhost IDENTIFIED BY 'abcdefghijk2';
@ -26,9 +28,11 @@ connection user_a;
 SELECT CURRENT_USER;
 disconnect user_a;
 connection master;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
+--sorted_result
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;
 sync_slave_with_master;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
+--sorted_result
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;

 connection master;
 --error ER_CANNOT_USER
@ -38,7 +42,8 @@ CREATE USER u1@localhost;
 DROP USER u3@localhost;

 sync_slave_with_master;
-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
+--sorted_result
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;

 connection master;
 DROP USER IF EXISTS u1@localhost;
@ -46,6 +51,7 @@ DROP USER u2@localhost;
 DROP USER IF EXISTS u3@localhost;
 sync_slave_with_master;

-SELECT user, password FROM mysql.user WHERE user LIKE 'u%' ORDER BY user;
+--sorted_result
+SELECT user,password,plugin,authentication_string FROM mysql.user WHERE user LIKE 'u%' ;

 --source include/rpl_end.inc
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -1386,9 +1386,20 @@ static my_bool do_validate(THD *, plugin_ref plugin, void *arg)
 }


+static bool can_password(LEX_USER *user)
+{
+  return !user->plugin.length ||
+    lex_string_eq(&user->plugin, &native_password_plugin_name) ||
+    lex_string_eq(&user->plugin, &old_password_plugin_name);
+}
+
+
 static bool validate_password(LEX_USER *user, THD *thd)
 {
-  if (user->pwtext.length || !user->pwhash.length)
+  if (!can_password(user))
+    return false;
+
+  if (user->pwtext.length || !user->auth.length)
  {
    struct validation_data data= { &user->user,
                                   user->pwtext.str ? &user->pwtext :
@ -1468,35 +1479,13 @@ static bool fix_user_plugin_ptr(ACL_USER *user)
 }


-/*
-  Validates the password, calculates password hash, transforms
-  equivalent LEX_USER representations.
-
-  Upon entering this function:
-
-  - if user->plugin is specified, user->auth is the plugin auth data.
-  - if user->plugin is mysql_native_password or mysql_old_password,
-    user->auth is the password hash, and LEX_USER is transformed
-    to match the next case (that is, user->plugin is cleared).
-  - if user->plugin is NOT specified, built-in auth is assumed, that is
-    mysql_native_password or mysql_old_password. In that case,
-    user->pwhash is the password hash. And user->pwtext is the original
-    plain-text password. Either one can be set or both.
-
-  Upon exiting this function:
-
-  - user->pwtext is left untouched
-  - user->pwhash is the password hash, as the mysql.user.password column
-  - user->plugin is the plugin name, as the mysql.user.plugin column
-  - user->auth is the plugin auth data, as the mysql.user.authentication_string column
+/**
+  Validates the password, calculates password hash.
 */
 static bool fix_lex_user(THD *thd, LEX_USER *user)
 {
  size_t check_length;

-  DBUG_ASSERT(user->plugin.length || !user->auth.length);
-  DBUG_ASSERT(!(user->plugin.length && (user->pwtext.length || user->pwhash.length)));
-
  if (lex_string_eq(&user->plugin, &native_password_plugin_name))
    check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
  else
@ -1504,38 +1493,41 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
    check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
  else
  if (user->plugin.length)
-    return false; // nothing else to do
+    return 0; // nothing else to do
  else if (thd->variables.old_passwords == 1 ||
-           user->pwhash.length == SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
-    check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
-  else
-    check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
-
-  if (user->plugin.length)
+           user->auth.length == SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
  {
-    user->pwhash= user->auth;
-    user->plugin= empty_clex_str;
-    user->auth= empty_clex_str;
+    user->plugin= old_password_plugin_name;
+    check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
  }
+  else if (user->auth.length)
+  {
+    user->plugin= native_password_plugin_name;
+    check_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
+  }
+  else
+    check_length= 0;

-  if (user->pwhash.length && user->pwhash.length != check_length)
+  if (user->auth.length && user->auth.length != check_length)
  {
    my_error(ER_PASSWD_LENGTH, MYF(0), (int) check_length);
-    return true;
+    return 1;
  }

-  if (user->pwtext.length && !user->pwhash.length)
+  if (user->pwtext.length && !user->auth.length)
  {
    size_t scramble_length;
    void (*make_scramble)(char *, const char *, size_t);

    if (thd->variables.old_passwords == 1)
    {
+      user->plugin= old_password_plugin_name;
      scramble_length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
      make_scramble= my_make_scrambled_password_323;
    }
    else
    {
+      user->plugin= native_password_plugin_name;
      scramble_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
      make_scramble= my_make_scrambled_password;
    }
@ -1549,8 +1541,8 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
    if (buff == NULL)
      return true;
    make_scramble(buff, user->pwtext.str, user->pwtext.length);
-    user->pwhash.str= buff;
-    user->pwhash.length= scramble_length;
+    user->auth.str= buff;
+    user->auth.length= scramble_length;
  }

  return false;
@ -1822,16 +1814,18 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
      continue;
    }

-    LEX_CSTRING password= empty_clex_str;
    if (user_table.password())
    {
-      password.str= get_field(&acl_memroot, user_table.password());
-      password.length= safe_strlen(password.str);
+      const char *p= safe_str(get_field(&acl_memroot, user_table.password()));
+      user.auth_string.str= p;
+      user.auth_string.length= strlen(p);
    }
-    user.auth_string= password;
-    set_user_salt(&user, password);
+    else
+      user.auth_string= empty_clex_str;

-    if (!is_role && set_user_plugin(&user, password.length))
+    set_user_salt(&user, user.auth_string);
+
+    if (!is_role && set_user_plugin(&user, user.auth_string.length))
      continue;

    user.access= user_table.get_access() & GLOBAL_ACLS;
@ -1919,6 +1913,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
        char *tmpstr= get_field(&acl_memroot, user_table.plugin());
        if (tmpstr)
        {
+          LEX_CSTRING password= user.auth_string;
          user.plugin.str= tmpstr;
          user.plugin.length= strlen(user.plugin.str);
          user.auth_string.str=
@ -2588,20 +2583,13 @@ static void acl_update_user(const LEX_USER &combo, enum SSL_type ssl_type,
    ACL_USER *acl_user=dynamic_element(&acl_users,i,ACL_USER*);
    if (acl_user->eq(combo.user.str, combo.host.str))
    {
-      if (combo.plugin.str[0])
+      if (combo.plugin.length)
      {
        acl_user->plugin= combo.plugin;
        acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, combo.auth);
        if (fix_user_plugin_ptr(acl_user))
          acl_user->plugin= safe_lexcstrdup_root(&acl_memroot, combo.plugin);
      }
-      else
-        if (combo.pwhash.length)
-        {
-          acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, combo.pwhash);
-          set_user_salt(acl_user, combo.pwhash);
-          set_user_plugin(acl_user, combo.pwhash.length);
-        }
      acl_user->access=privileges;
      if (mqh->specified_limits & USER_RESOURCES::QUERIES_PER_HOUR)
        acl_user->user_resource.questions=mqh->questions;
@ -2657,7 +2645,7 @@ static void acl_insert_user(const LEX_USER &combo, enum SSL_type ssl_type,
  bzero(&acl_user, sizeof(acl_user));
  acl_user.user= safe_lexcstrdup_root(&acl_memroot, combo.user);
  update_hostname(&acl_user.host, safe_strdup_root(&acl_memroot, combo.host.str));
-  if (combo.plugin.str[0])
+  if (combo.plugin.length)
  {
    acl_user.plugin= combo.plugin;
    acl_user.auth_string= safe_lexcstrdup_root(&acl_memroot, combo.auth);
@ -2666,9 +2654,9 @@ static void acl_insert_user(const LEX_USER &combo, enum SSL_type ssl_type,
  }
  else
  {
-    acl_user.auth_string= safe_lexcstrdup_root(&acl_memroot, combo.pwhash);
-    set_user_salt(&acl_user, combo.pwhash);
-    set_user_plugin(&acl_user, combo.pwhash.length);
+    DBUG_ASSERT(!combo.auth.length);
+    acl_user.plugin= native_password_plugin_name;
+    acl_user.auth_string= empty_clex_str;
  }

  acl_user.flags= 0;
@ -3201,8 +3189,8 @@ bool change_password(THD *thd, LEX_USER *user)
  const CSET_STRING query_save __attribute__((unused)) = thd->query_string;
  DBUG_ENTER("change_password");
  DBUG_PRINT("enter",("host: '%s'  user: '%s'  new_password: '%s'",
-		      user->host.str, user->user.str, user->pwhash.str));
-  DBUG_ASSERT(user->host.str != 0);                     // Ensured by parent
+		      user->host.str, user->user.str, user->auth.str));
+  DBUG_ASSERT(user->host.str != 0);                     // Ensured by caller

  /*
    This statement will be replicated as a statement, even when using
@ -3217,8 +3205,7 @@ bool change_password(THD *thd, LEX_USER *user)
      (WSREP(thd) && !IF_WSREP(thd->wsrep_applier, 0)))
  {
    query_length= sprintf(buff, "SET PASSWORD FOR '%-.120s'@'%-.120s'='%-.120s'",
-              user->user.str, safe_str(user->host.str),
-              safe_str(user->pwhash.str));
+              user->user.str, safe_str(user->host.str), user->auth.str);
  }

  if (WSREP(thd) && !IF_WSREP(thd->wsrep_applier, 0))
@ -3246,10 +3233,9 @@ bool change_password(THD *thd, LEX_USER *user)
  if (acl_user->plugin.str == native_password_plugin_name.str ||
      acl_user->plugin.str == old_password_plugin_name.str)
  {
-    acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, user->pwhash);
-    set_user_salt(acl_user, user->pwhash);
-
-    set_user_plugin(acl_user, user->pwhash.length);
+    acl_user->auth_string= safe_lexcstrdup_root(&acl_memroot, user->auth);
+    set_user_salt(acl_user, user->auth);
+    set_user_plugin(acl_user, user->auth.length);
  }
  else
    push_warning(thd, Sql_condition::WARN_LEVEL_NOTE,
@ -3258,7 +3244,7 @@ bool change_password(THD *thd, LEX_USER *user)

  if (update_user_table(thd, tables.user_table(),
                        safe_str(acl_user->host.hostname),
-                        acl_user->user.str, user->pwhash))
+                        acl_user->user.str, user->auth))
  {
    mysql_mutex_unlock(&acl_cache->lock); /* purecov: deadcode */
    goto end;
@ -3777,7 +3763,7 @@ static bool update_user_table(THD *thd, const User_table& user_table,
      user_table.password()->reset();
  }
  else
-    user_table.password()->store(new_password.str, new_password.len,
+    user_table.password()->store(new_password.str, new_password.length,
                                 system_charset_info);


@ -3846,19 +3832,6 @@ static int replace_user_table(THD *thd, const User_table &user_table,

  mysql_mutex_assert_owner(&acl_cache->lock);

-  if (combo->pwhash.str && combo->pwhash.str[0])
-  {
-    if (combo->pwhash.length != SCRAMBLED_PASSWORD_CHAR_LENGTH &&
-        combo->pwhash.length != SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
-    {
-      DBUG_ASSERT(0);
-      my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
-      DBUG_RETURN(-1);
-    }
-  }
-  else
-    combo->pwhash= empty_clex_str;
-
  /* if the user table is not up to date, we can't handle role updates */
  if (!user_table.is_role() && handle_as_role)
  {
@ -3899,7 +3872,7 @@ static int replace_user_table(THD *thd, const User_table &user_table,

      see also test_if_create_new_users()
    */
-    else if (!combo->pwhash.length && !combo->plugin.length && no_auto_create)
+    else if (!combo->auth.length && !combo->plugin.length && no_auto_create)
    {
      my_error(ER_PASSWORD_NO_MATCH, MYF(0));
      goto end;
@ -3909,7 +3882,7 @@ static int replace_user_table(THD *thd, const User_table &user_table,
      my_error(ER_CANT_CREATE_USER_WITH_GRANT, MYF(0));
      goto end;
    }
-    else if (combo->plugin.str[0])
+    else if (combo->plugin.length)
    {
      if (!plugin_is_ready(&combo->plugin, MYSQL_AUTHENTICATION_PLUGIN))
      {
@ -3917,6 +3890,13 @@ static int replace_user_table(THD *thd, const User_table &user_table,
        goto end;
      }
    }
+    else /* combo->plugin.length == 0 */
+    {
+      if (combo->auth.length == SCRAMBLED_PASSWORD_CHAR_LENGTH_323)
+        combo->plugin= old_password_plugin_name;
+      else
+        combo->plugin= native_password_plugin_name;
+    }

    old_row_exists = 0;
    restore_record(table,s->default_values);
@ -3931,7 +3911,7 @@ static int replace_user_table(THD *thd, const User_table &user_table,
    store_record(table,record[1]);			// Save copy for update
  }

-  if (!old_row_exists || combo->pwtext.length || combo->pwhash.length)
+  if (!old_row_exists || combo->pwtext.length || combo->auth.length)
    if (!handle_as_role && validate_password(combo, thd))
      goto end;

@ -3950,8 +3930,8 @@ static int replace_user_table(THD *thd, const User_table &user_table,
  DBUG_PRINT("info",("table fields: %d", user_table.num_fields()));
  /* If we don't have a password column, we'll use the authentication_string
     column later. */
-  if (combo->pwhash.str[0] && user_table.password())
-    user_table.password()->store(combo->pwhash.str, combo->pwhash.length,
+  if (combo->auth.length && can_password(combo) && user_table.password())
+    user_table.password()->store(combo->auth.str, combo->auth.length,
                                 system_charset_info);
  /* We either have the password column, the plugin column, or both. Otherwise
     we have a corrupt user table. */
@ -4013,13 +3993,12 @@ static int replace_user_table(THD *thd, const User_table &user_table,
    if (user_table.max_user_connections() &&
        (mqh.specified_limits & USER_RESOURCES::USER_CONNECTIONS))
      user_table.max_user_connections()->store((longlong) mqh.user_conn, FALSE);
-    if (user_table.plugin())
+    if (user_table.plugin() && !handle_as_role)
    {
      user_table.plugin()->set_notnull();
      user_table.authentication_string()->set_notnull();
-      if (combo->plugin.str[0])
+      if (combo->plugin.length)
      {
-        DBUG_ASSERT(combo->pwhash.str[0] == 0);
        if (user_table.password())
          user_table.password()->reset();
        user_table.plugin()->store(combo->plugin.str, combo->plugin.length,
@ -4027,22 +4006,6 @@ static int replace_user_table(THD *thd, const User_table &user_table,
        user_table.authentication_string()->store(combo->auth.str, combo->auth.length,
                                                  system_charset_info);
      }
-      if (combo->pwhash.str[0])
-      {
-        DBUG_ASSERT(combo->plugin.str[0] == 0);
-        /* We have Password column. */
-        if (user_table.password())
-        {
-          user_table.plugin()->reset();
-          user_table.authentication_string()->reset();
-        }
-        else
-        {
-          /* We do not have Password column. Use PLUGIN && Authentication_string
-             columns instead. */
-          set_plugin_from_password(user_table, combo->pwhash);
-        }
-      }

      if (user_table.max_statement_time())
      {
@ -6219,7 +6182,7 @@ static bool merge_one_role_privileges(ACL_ROLE *grantee)

 static bool has_auth(LEX_USER *user, LEX *lex)
 {
-  return user->pwtext.length || user->pwhash.length || user->plugin.length || user->auth.length ||
+  return user->pwtext.length || user->plugin.length || user->auth.length ||
         lex->ssl_type != SSL_TYPE_NOT_SPECIFIED || lex->ssl_cipher ||
         lex->x509_issuer || lex->x509_subject ||
         lex->mqh.specified_limits;
@ -6231,7 +6194,6 @@ static bool fix_and_copy_user(LEX_USER *to, LEX_USER *from, THD *thd)
  {
    /* preserve authentication information, if LEX_USER was  reallocated */
    to->pwtext= from->pwtext;
-    to->pwhash= from->pwhash;
    to->plugin= from->plugin;
    to->auth= from->auth;
  }
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@ -16254,14 +16254,14 @@ opt_for_user:
        ;

 text_or_password:
-          TEXT_STRING { Lex->definer->pwhash= $1;}
+          TEXT_STRING { Lex->definer->auth= $1;}
        | PASSWORD_SYM '(' TEXT_STRING ')' { Lex->definer->pwtext= $3; }
        | OLD_PASSWORD_SYM '(' TEXT_STRING ')'
          {
            Lex->definer->pwtext= $3;
-            Lex->definer->pwhash.str= Item_func_password::alloc(thd,
+            Lex->definer->auth.str= Item_func_password::alloc(thd,
                                   $3.str, $3.length, Item_func_password::OLD);
-            Lex->definer->pwhash.length=  SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
+            Lex->definer->auth.length=  SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
          }
        ;

@ -16825,7 +16825,7 @@ grant_user:
        | user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING
          { 
            $$= $1; 
-            $1->pwhash= $5;
+            $1->auth= $5;
          }
        | user IDENTIFIED_SYM via_or_with ident_or_text
          {
--- a/sql/sql_yacc_ora.yy
+++ b/sql/sql_yacc_ora.yy
@ -16581,14 +16581,14 @@ opt_for_user:
        ;

 text_or_password:
-          TEXT_STRING { Lex->definer->pwhash= $1;}
+          TEXT_STRING { Lex->definer->auth= $1;}
        | PASSWORD_SYM '(' TEXT_STRING ')' { Lex->definer->pwtext= $3; }
        | OLD_PASSWORD_SYM '(' TEXT_STRING ')'
          {
            Lex->definer->pwtext= $3;
-            Lex->definer->pwhash.str= Item_func_password::alloc(thd,
+            Lex->definer->auth.str= Item_func_password::alloc(thd,
                                   $3.str, $3.length, Item_func_password::OLD);
-            Lex->definer->pwhash.length=  SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
+            Lex->definer->auth.length=  SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
          }
        ;

@ -17178,7 +17178,7 @@ grant_user:
        | user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING
          { 
            $$= $1; 
-            $1->pwhash= $5;
+            $1->auth= $5;
          }
        | user IDENTIFIED_SYM via_or_with ident_or_text
          {
--- a/sql/structs.h
+++ b/sql/structs.h
@ -227,12 +227,11 @@ struct AUTHID

 struct LEX_USER: public AUTHID
 {
-  LEX_CSTRING plugin, auth;
-  LEX_CSTRING pwtext, pwhash;
+  LEX_CSTRING plugin, auth, pwtext;
  void reset_auth()
  {
-    pwtext.length= pwhash.length= plugin.length= auth.length= 0;
-    pwtext.str= pwhash.str= 0;
+    pwtext.length= plugin.length= auth.length= 0;
+    pwtext.str= 0;
    plugin.str= auth.str= "";
  }
 };
--- a/storage/tokudb/mysql-test/rpl/r/rpl_tokudb_mixed_dml.result
+++ b/storage/tokudb/mysql-test/rpl/r/rpl_tokudb_mixed_dml.result
@ -485,36 +485,36 @@ SET TRANSACTION ISOLATION LEVEL SERIALIZABLE;
 CREATE USER 'user_test_rpl'@'localhost' IDENTIFIED BY PASSWORD '*1111111111111111111111111111111111111111';
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			N
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	N
 connection slave;
 USE test_rpl;
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			N
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	N
 connection master;

 ******************** GRANT ********************
 GRANT SELECT ON *.* TO 'user_test_rpl'@'localhost';
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			Y
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	Y
 connection slave;
 USE test_rpl;
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			Y
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	Y
 connection master;

 ******************** REVOKE ********************
 REVOKE SELECT ON *.* FROM 'user_test_rpl'@'localhost';
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			N
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	N
 connection slave;
 USE test_rpl;
 SELECT host, user, password, plugin, authentication_string, select_priv FROM mysql.user WHERE user LIKE 'user_test_rpl%';
 host	user	password	plugin	authentication_string	select_priv
-localhost	user_test_rpl	*1111111111111111111111111111111111111111			N
+localhost	user_test_rpl		mysql_native_password	*1111111111111111111111111111111111111111	N
 connection master;

 ******************** SET PASSWORD ********************