After the upgrade of mysql to version 5.7, the security has increased greatly.
MySQL 5.7 randomly generates a password for root users and prints it in error_log. For the location of error_log, if RPM packages are installed, the default is / var/log/mysqld.log.
So we can find the initial password string in mysqld.log:
cat /var/log/mysqld.log | grep password
Log in with the initial password string:
mysql -u root -p's;*QJ6/gX1et'
But after you log in, you will find that many functions can not be used. Only by changing the password can you operate normally.
So we changed the password:
mysql> SET PASSWORD = PASSWORD('123456'); ERROR 1819 (HY000): Your password does not satisfy the current policy requirements mysql> SET PASSWORD = PASSWORD("root"); ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
However, he insisted that the password did not meet the policy requirements.
Let's first look at the current password policy for the database.
mysql root@localhost:(none)> show VARIABLES like "%password%" +---------------------------------------+---------+ | Variable_name | Value | |---------------------------------------+---------| | default_password_lifetime | 0 | | disconnect_on_expired_password | ON | | log_builtin_as_identified_by_password | OFF | | mysql_native_password_proxy_users | OFF | | old_passwords | 0 | | report_password | | | sha256_password_proxy_users | OFF | | validate_password_dictionary_file | | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | MEDIUM | | validate_password_special_char_count | 1 | +---------------------------------------+---------+
According to the official documents, we can find that the policy is 1, MEDIUM.
So you have to change your password: numbers, lowercase letters, uppercase letters, special characters, at least 8 bits in length.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password'; //perhaps SET password='new_password';
So you can successfully change the password, and finally you have to set the expiration time to prevent password invalidation.
Add in / etc/my.cnf configuration file
[mysqld] default_password_lifetime=0
Or set it directly by command
ALTER USER 'script'@'localhost' PASSWORD EXPIRE NEVER
Above all, you can roam in the world of mysql happily.
Foreign article
But sometimes in order to facilitate the graph, the data security requirements are not very high, we usually prefer to set a simple password, such as 123456.
Law 1:
Add in / etc/my.cnf configuration file
[mysqld] validate_password=off
Then service mysqld restart or system CTL restart mysqld. service restart mysqld, through SHOW PLUGINS; you can see that the password validation plug-in has been stopped.
+-------------------+----------+-------------------+----------------------+-----+ | validate_password | DISABLED | VALIDATE PASSWORD | validate_password.so | GPL | +-------------------+----------+-------------------+----------------------+-----+
Law two:
Change password policy to LOW
set global validate_password_policy=0;
Change password length
set global validate_password_length=0;
In this way, the password can be set at will:
update mysql.user set authentication_string=password('123456') where user='root' and Host = 'localhost'; //perhaps set password for 'root'@'localhost'=password('123456');
Of course, there is another way that we do not set the initial password at the very beginning:
Simply specify -- initialize-insecure at initialization time, such as:
mysqld --initialize-insecure --datadir=/var/lib/mysql --basedir=/usr --user=mysql
At this point, SHOW VARIABLES LIKE'vali%'; will also be empty because the plug-in is not installed.