In this blog, we’ll discuss how to use “plugin: auth_socket” to change user password in MySQL 5.7.
In Debian/Ubuntu it is pretty common to install MySQL/Percona Server with an empty password for the root user. After everything is configured and tested, then a password is set. This is not a good practice in production servers (or soon-to-be production servers), but you can do it for your own test servers. With regards to authentication, things have changed a bit in 5.7, and methods that worked before now need a different procedure.
Let’s say that you install 5.7 and don’t specify a password. You will see the following:
|
1 2 3 4 5 |
SELECT User, Host, HEX(authentication_string) FROM mysql.user; +-----------+-----------+------------------------------------------------------------------------------------+ | User | Host | HEX(authentication_string) | +-----------+-----------+------------------------------------------------------------------------------------+ | root | localhost | | |
OK, the password is empty. Let’s change it:
|
1 2 3 4 5 6 7 |
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'test'; mysql> SELECT User, Host, HEX(authentication_string) FROM mysql.user; +-----------+-----------+------------------------------------------------------------------------------------+ | User | Host | HEX(authentication_string) | +-----------+-----------+------------------------------------------------------------------------------------+ | root | localhost | | |
That doesn’t work, it’s still empty:
|
1 2 3 4 5 6 7 |
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('test'); mysql> SELECT User, Host, HEX(authentication_string) FROM mysql.user; +-----------+-----------+------------------------------------------------------------------------------------+ | User | Host | HEX(authentication_string) | +-----------+-----------+------------------------------------------------------------------------------------+ | root | localhost | | |
But why? Let’s check the warnings:
|
1 2 3 4 5 6 7 |
mysql> show warnings; +---------+------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Level | Code | Message | +---------+------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Warning | 1287 | 'SET PASSWORD FOR = PASSWORD('')' is deprecated and will be removed in a future release. Please use SET PASSWORD FOR = '' instead | | Note | 1699 | SET PASSWORD has no significance for user 'root'@'localhost' as authentication plugin does not support it. | +---------+------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ |
The problem is in the note coded 1699. This user is using an authentication plugin that doesn’t support a password. Which one could it be?
|
1 2 3 4 5 6 7 |
mysql> SELECT * from user where User="root"G *************************** 1. row *************************** Host: localhost User: root [...] plugin: auth_socket [...] |
Ok, auth_socket. If you install 5.7 and don’t provide a password to the root user, it will use the auth_socket plugin. That plugin doesn’t care and doesn’t need a password. It just checks if the user is connecting using a UNIX socket and then compares the username.
If we want to configure a password, we need to change the plugin and set the password at the same time, in the same command. First changing the plugin and then setting the password won’t work, and it will fall back to auth_socket again. So, run:
So, the correct way to do this is to run the following:
|
1 |
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'test'; |
And now, it works 🙂
|
1 2 3 4 5 |
mysql> SELECT User, Host, HEX(authentication_string) FROM mysql.user; +-----------+-----------+------------------------------------ |