diff --git a/CHANGES.rst b/CHANGES.rst index 3bec7e53..3e09fec7 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -8,6 +8,14 @@ Changelog - Switch to using `async/await` directly instead of `@coroutine/yield` +- Drop experimental support for credentials object: the corresponding + ``ClientStorage.__init__`` parameter ``credentials`` is retained but ignored. + From now on ZEO supports authentication only via SSL certificates. + + Note that ZEO 5 never supported authenticating via ``username`` and + ``password`` - support for such basic auth was dropped in 2016 before ZEO 5.0 + was released. + 5.4.0 (2023-01-18) ------------------ diff --git a/docs/clients.rst b/docs/clients.rst index 0826884e..c2d7a42f 100644 --- a/docs/clients.rst +++ b/docs/clients.rst @@ -280,7 +280,7 @@ authenticate parameters in the Python documentation for ``ssl.SSLContext.load_verify_locations``.) - If this setting is used. then certificate authentication is + If this setting is used then certificate authentication is used to authenticate the server. The server must be configured with one of the certificates supplied using this setting. diff --git a/docs/server.rst b/docs/server.rst index c385e760..b9620437 100644 --- a/docs/server.rst +++ b/docs/server.rst @@ -164,7 +164,7 @@ msgpack Server SSL configuration ------------------------ -A server can optionally support SSL. Do do so, include a `ssl` +A server can optionally support SSL. To do so, include a `ssl` subsection of the ZEO section, as in:: diff --git a/src/ZEO/ClientStorage.py b/src/ZEO/ClientStorage.py index 8cc27f10..b4728fb4 100644 --- a/src/ZEO/ClientStorage.py +++ b/src/ZEO/ClientStorage.py @@ -217,9 +217,6 @@ def __init__(self, addr, storage='1', cache_size=20 * MB, wait Wait for server connection, defaulting to true. - credentials - [Experimental] Credentials object for authentication to server. - server_sync Whether sync() should make a server round trip, thus causing client to wait for outstanding invalidations. 
@@ -246,6 +243,7 @@ def __init__(self, addr, storage='1', cache_size=20 * MB, Defaults to false. + credentials username password realm @@ -338,7 +336,6 @@ def __init__(self, addr, storage='1', cache_size=20 * MB, ZEO.asyncio.client.Fallback if read_only_fallback else read_only, wait_timeout or 30, ssl=ssl, ssl_server_hostname=ssl_server_hostname, - credentials=credentials, ) self._call = self._server.call self._async = self._server.async_ diff --git a/src/ZEO/Exceptions.py b/src/ZEO/Exceptions.py index 28955c56..703197b4 100644 --- a/src/ZEO/Exceptions.py +++ b/src/ZEO/Exceptions.py @@ -34,11 +34,6 @@ class ClientDisconnected(ClientStorageError, """ -class AuthError(StorageError): - """The client provided invalid authentication credentials. - """ - - class ProtocolError(ClientStorageError): """A client contacted a server with an incomparible protocol """ diff --git a/src/ZEO/asyncio/client.py b/src/ZEO/asyncio/client.py index 75d10d0f..f2a72963 100644 --- a/src/ZEO/asyncio/client.py +++ b/src/ZEO/asyncio/client.py @@ -68,7 +68,7 @@ class Protocol(base.ZEOBaseProtocol): def __init__(self, loop, addr, client, storage_key, read_only, connect_poll=1, heartbeat_interval=60, ssl=None, ssl_server_hostname=None, - credentials=None): + ): """Create a server connection addr is either a host,port tuple or a string file name. @@ -87,7 +87,6 @@ def __init__(self, loop, self.futures = {} # { message_id -> future } self.ssl = ssl self.ssl_server_hostname = ssl_server_hostname - self.credentials = credentials # received invalidations while the protocol is not yet registered with client self.invalidations = [] @@ -229,8 +228,6 @@ async def verify_connection(self): We try to register with the server; if this succeeds with the client. """ - credentials = (self.credentials,) if self.credentials else () - # we do not want that several servers concurrently # update the cache -- lock async with self.client.register_lock: 
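Review bot: `credentials` is added here to what appears to be the docstring's list of accepted-but-ignored parameters, and the following hunk (`@@ -338,7 +336,6`) stops forwarding it, so a caller who still passes a credentials object gets a working connection with no sign that the value was discarded. For an authentication parameter a silent drop is easy to mistake for "authenticated", so a runtime signal is worth adding in the body of `__init__`, which lies outside this hunk: `if credentials is not None: warnings.warn("credentials is ignored; ZEO authenticates only via SSL certificates", DeprecationWarning, stacklevel=2)`. This needs `import warnings` if the module does not already have it. The docstring entry could also say in a few words that the parameter is ignored and that `ssl` is the replacement.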
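Review bot: Removing `credentials=None` from `Protocol.__init__` (hunk `@@ -68,7 +68,7`) leaves a closing `):` alone on its own line after a trailing comma, which reads like an unfinished parameter list. The `ClientIO.__init__` hunk in the same file closes the signature on the last parameter line, so the same form fits here: `ssl=None, ssl_server_hostname=None):`. The `set_options(...)` call in `ClientThread.__init__` (hunk `@@ -997,12 +992,11`) has the same dangling `)` and can end with `ssl_server_hostname=ssl_server_hostname)`. The body of `Protocol.__init__` continues outside the hunk.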
@@ -238,14 +235,14 @@ async def verify_connection(self): try: server_tid = await self.server_call( 'register', self.storage_key, - (self.read_only if self.read_only is not Fallback - else False), - *credentials) + self.read_only if self.read_only is not Fallback + else False, + ) except ZODB.POSException.ReadOnlyError: if self.read_only is Fallback: self.read_only = True server_tid = await self.server_call( - 'register', self.storage_key, True, *credentials) + 'register', self.storage_key, True) else: raise else: @@ -438,7 +435,7 @@ class ClientIO: def __init__(self, loop, addrs, client, cache, storage_key, read_only, connect_poll, register_failed_poll=9, - ssl=None, ssl_server_hostname=None, credentials=None): + ssl=None, ssl_server_hostname=None): """Create a client interface *addrs* specifies addresses of a set of servers which @@ -460,7 +457,6 @@ def __init__(self, loop, self.client = client self.ssl = ssl self.ssl_server_hostname = ssl_server_hostname - self.credentials = credentials for name in Protocol.client_delegated: setattr(self, name, getattr(client, name)) self.cache = cache @@ -543,7 +539,6 @@ def try_connecting(self): self.storage_key, self.read_only, self.connect_poll, ssl=self.ssl, ssl_server_hostname=self.ssl_server_hostname, - credentials=self.credentials, ) for addr in self.addrs ] @@ -997,12 +992,11 @@ class ClientThread(ClientRunner): def __init__(self, addrs, client, cache, storage_key='1', read_only=False, timeout=30, - disconnect_poll=1, ssl=None, ssl_server_hostname=None, - credentials=None): + disconnect_poll=1, ssl=None, ssl_server_hostname=None): self.set_options(addrs, client, cache, storage_key, read_only, timeout, disconnect_poll, ssl=ssl, ssl_server_hostname=ssl_server_hostname, - credentials=credentials) + ) self.thread = threading.Thread( target=self.run_io_thread, name="%s zeo client networking thread" % client.__name__, 
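Review bot: Neither `register` call in `verify_connection` (hunk `@@ -238,14 +235,14`) now carries any authentication material, and nothing in the code says what authenticates the peer instead. According to the changelog entry that is the SSL configuration alone, and `Protocol.__init__` still defaults `ssl` to `None`. A comment above the first `server_call` would record this for the next reader, for example `# No credentials are sent with register; peer authentication relies solely on the SSL context (self.ssl), if one is configured.` The function starts and ends outside the hunk, so whether an existing comment already covers this cannot be seen from here.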
diff --git a/src/ZEO/tests/test_client_credentials.py b/src/ZEO/tests/test_client_credentials.py index 254f16de..51cb4a44 100644 --- a/src/ZEO/tests/test_client_credentials.py +++ b/src/ZEO/tests/test_client_credentials.py @@ -45,10 +45,10 @@ def register(zs, storage_id, read_only, credentials=self): client.close() creds_log.pop() - # But if we pass credentials, they'll be passed to register: + # Even if we pass credentials, they'll be ignored creds = dict(user='me', password='123') client = ZEO.client(addr, credentials=creds) - self.assertEqual(creds_log, [creds]) + self.assertEqual(creds_log, [self]) client.close() stop()
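Review bot: The new assertion `self.assertEqual(creds_log, [self])` is opaque unless the reader knows that `self` is the default of the stubbed `register(zs, storage_id, read_only, credentials=self)` shown in the hunk header. It presumably stands for "no credentials argument reached the server". A one-line comment would make that explicit: `# [self] is the stub's default: register() was called without a credentials argument`. The test also pins only that the value is dropped, not that the caller is told, so if a warning for ignored credentials is ever emitted, this is the place to assert it with `assertWarns`. The test method begins outside the hunk.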