Bug #80632 Enabling auth_socket with ALTER USER sets user as expired
Submitted: 7 Mar 2016 8:06 Modified: 24 May 2016 5:59
Reporter: Lars Tangvald Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S3 (Non-critical)
Version:5.7.11 OS:Any
Assigned to: CPU Architecture:Any

[7 Mar 2016 8:06] Lars Tangvald
Description:
When running ALTER USER IDENTIFIED WITH ... the mysql user will be set as expired, needing a password change to reenable.

When enabling auth_socket login for a user, a password is no longer needed to log in, as it will simply match the host system user to the mysql user, so requiring a password change no longer makes sense.

How to repeat:
* Start the server and log in with a privileged user (i.e. as root)
* Run INSTALL PLUGIN auth_socket soname 'auth_socket.so'
* Run ALTER USER 'root'@'localhost' IDENTIFIED WITH 'auth_socket'
* Run SELECT * FROM mysql.user and observe the error.

Suggested fix:
Ideally, enabling the auth_socket plugin should not expire the user.
[24 May 2016 5:59] Lars Tangvald
Duplicate of #79999, which was fixed in 5.7.12