Bug #396 Set password for non-root users
Submitted: 8 May 2003 5:09 Modified: 7 Jun 2003 6:38
Reporter: Andreas Sundermann Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:mysql-standard-4.0.12-pc-linux-i686 OS:Linux (Linux (Redhat 8.0))
Assigned to: Alexey Botchkov CPU Architecture:Any

[8 May 2003 5:09] Andreas Sundermann
Description:
After an upgrade from 3.2.55 to 4.0.12 it is no longer possible for a normal user on a remote machine having no UPDATE privileges for the 'mysql.user' table to change his/her own password using SET PASSWORD.

set password = password ('blah');
ERROR 1044: Access denied for user: 'asu@172.16.0.42' to database 'mysql'

It works, if the user is granted update privileges for the 'mysql.user' table AND    the 'host' column contains the IP adress of the client (not the hostname) --> DNS also doesn't work with the SET PASSWORD function though it works without any problems for 'normal' login.
(but changing just the host column or setting it to '%' doesn't help ;-))

How to repeat:
mysql  Ver 12.18 Distrib 4.0.12, for pc-linux (i686)
SET PASSWORD = PASSWORD('xyz') for a non-privileged user on a remote machine

Suggested fix:
check host/user identification for the SET PASSWORD function?
[15 May 2003 9:26] Mike Hillyer
I have encountered the same issue with servers on Win2K and SCO Unixware 7. While I have few enough users that I can manually change their passwords, this has broken my application upon upgrading.

Mike Hillyer
[16 May 2003 5:20] [ name withheld ]
There is an issue here about which hostname is used. 
The bug does not happen when I connect with
mysql -h localhost -u xxx -p

but happens with
mysql -h myhost.domain.com -u xxx -p

The user is defined with "%" in his Host field in mysql.user and has no rights
to the "mysql" db.
[16 May 2003 5:31] [ name withheld ]
To add to my previous comment (about localhost),
I found this in the manual about bugfixes for 4.0.13
(to be released soon):

# Fixed few smaller issues with SET PASSWORD.

Marc Delisle,
phpMyAdmin team.
[7 Jun 2003 6:38] Alexey Botchkov
Thank you for your bug report. This issue has been fixed in the latest
development tree for that product. You can find more information about
accessing our development trees at 
    http://www.mysql.com/doc/en/Installing_source_tree.html

I've checked last development tree, and everything went ok with passwords.
I think this actually was fixed after 4.0.13.