Bug #114927 Convert users with mysql_native_password to caching_sha2_password
Submitted: 8 May 2024 23:29 Modified: 25 Nov 2024 12:46
Reporter: Mershad Irani Email Updates:
Status: No Feedback Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version:8.0 OS:Any
Assigned to: CPU Architecture:Any

[8 May 2024 23:29] Mershad Irani 
Description:
Feature Request:
 
Since mysql_native_password is depcreated and will be removed from future releases, it would be helpful if we are able to migrate the a user from an authentication plugin of  mysql_native_password to  caching_sha2_password without knowing or having to change its password. 

Currently you will only be able to migrate the user if you know the "password text" using the below statement. 

Alter user <username> identified with caching_sha2_password by '<password>'; 

However, if you don't know the existing password of the user, you will be forced to change its password while changing the authentication plugin. 

It would be helpful to allow customers to change the authentication plugin from mysql_native_password to  caching_sha2_password  while still maintaining the same password and without having to know the password. 

This would also help in cases where you have thousands of database users and having the need to migrate them to caching_sha2_password with a password change would be a tedious process. 

If this is something that is not currently feasible to implement, it would help if the upgrade process to the next MySQL version that removes  mysql_native_password , will have an option to automatically migrate the users to from mysql_native_password caching_sha2_password. 

How to repeat:
N/A. This is a feature request.
[9 May 2024 7:28] MySQL Verification Team 
Hello Mershad,

Thank you for the feature request.

regards,
Umesh
[25 Oct 2024 12:46] Georgi Kodinov 
Thanks for your reasonable feature request. Unfortunately, both mysql_native_password and caching_sha2_password do not store the password itself. They store a hash of it (and additional things). And there's no way to guess the password from the hash without using hacking techniques that take time and resources. 

Do you have a conrete suggestion on how to reverse the SHA1 hash to get the clear text password?
[26 Nov 2024 1:00] Bugs System 
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".