Bug #114938 | MySQL 8.0.32 alter user with mysql_native_password need CREATE USER privileges | ||
---|---|---|---|
Submitted: | 9 May 8:08 | Modified: | 10 May 10:14 |
Reporter: | mars xu | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: Documentation | Severity: | S3 (Non-critical) |
Version: | 8.0 | OS: | Any |
Assigned to: | CPU Architecture: | Any |
[9 May 8:08]
mars xu
[9 May 8:15]
mars xu
authentication_policy = mysql_native_password default_authentication_plugin = mysql_native_password
[9 May 11:48]
MySQL Verification Team
Hi MR. xu, Thank you for your bug report. However, mysql_native_password option is no longer supported and that plugin is no longer available in the current versions of 8.0. Our Reference Manual clearly states the following: As of MySQL 8.0.34, the mysql_native_password authentication plugin is deprecated and subject to removal in a future version of MySQL. on this page: https://dev.mysql.com/doc/refman/8.0/en/native-pluggable-authentication.html#native-plugga... Unsupported.
[10 May 7:00]
mars xu
First of all, thank you for your response. Although I'm using mysql_native_password here, the actual issue arises when using the ALTER USER xxx WITH xxx BY syntax, which requires the user to have the CREATE USER privilege. For example, even if the statement is changed to ALTER USER 'user_a'@'%' IDENTIFIED WITH caching_sha2_password BY 'newPassword', you'll still encounter ERROR 1227. Is this reasonable?
[10 May 9:55]
MySQL Verification Team
Hi Mr. xu, This sounds very interesting. Can you send us a full and repeatable test case with caching_sha2_password ???? Thanks in advance.
[10 May 10:14]
MySQL Verification Team
Hi Mr. xu, Thank you for your bug report. We made our own test case and, indeed, this is a bug, because even when using caching_sha2_password, you still get an error. This is totally insignificant bug, but still a bug, which is affecting version 8.0 and higher. Verified. Thanks a lot !!!!!!
[10 May 11:47]
MySQL Verification Team
Hi, We had a discussion with a Development team. Any IDENTIFIED WITH will require CREATE / ALTER privileges, since the default authentication method would be revealed to the user who does not have administrative privileges. https://dev.mysql.com/doc/refman/8.0/en/alter-user.html: The above page will be appended to specify then any use of IDENTIFIED WITH, regardless of the authentication plugin, will require special privileges. So, it is still a bug, but a bug in the documentation.