[MDEV-19516] mysql_secure_installation doesn't set password_last_changed while setting password for root Created: 2019-05-17  Updated: 2019-10-31  Resolved: 2019-10-31

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System, Scripts & Clients
Affects Version/s: 10.4
Fix Version/s: 10.4.9

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-19519 mysql_install_db.exe doesn't set pass... Closed

 Description   

mysql_secure_installation performs direct updates on mysql.global_priv. If it is instructed to set a password for root, it inserts the authentication_string value, but not password_last_changed, and then it reloads privileges. So, if the server is running with non-zero default_password_lifetime, the rest of the script will fail, as root won't be allowed to do anything anymore. 

Change the root password? [Y/n] y
 
New password: 
Re-enter new password: 
Password updated successfully!
 
Reloading privilege tables..
 
 ... Success!
 
 
 
 
 
By default, a MariaDB installation has an anonymous user, allowing anyone
 
to log into MariaDB without having to have a user account created for
 
them.  This is intended only for testing, and to make the installation
 
go a bit smoother.  You should remove them before moving into a
 
production environment.
 
 
 
Remove anonymous users? [Y/n] y
 
ERROR 1820 (HY000) at line 1: You must SET PASSWORD before executing this statement
 
 ... Failed!

If it default_password_lifetime is configured later , then root will get blocked as soon as the value is set, even if it's only been minutes after mysql_secure_installation had finished, which is also somewhat embarrassing.


Generated at Thu Feb 08 08:52:17 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.