A user recently found out that the password for his 'root'@'localhost' account was being ignored. It turns out that his build of MariaDB uses unix_socket authentication by default for that user account. However, he was not aware of that, so he still attempted to set a password for this user account. He was also not familiar with the unix_socket plugin, so he was quite confused when he discovered that he could log into MariaDB without supplying a password after he explicitly set one.
The user suggested that it might be worthwhile for the server to throw a warning when a user's provided login password is ignored. For security reasons, it might make sense to only write the warning to the server's error log. Maybe this warning could be toggled on/off based on the value of log_warnings, similar to the other warnings thrown by authentication issues.
I'm not entirely familiar with internals of the authentication plugin API, so I don't know how practical this feature request is with the current implementation.