Bug #73148 mysql_secure_installation fails to run if the root plugin is sha256_password
Submitted: 30 Jun 2014 11:14 Modified: 27 Aug 2014 22:59
Reporter: Vamsikrishna Bhagi Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:5.7 OS:Any
Assigned to: CPU Architecture:Any

[30 Jun 2014 11:14] Vamsikrishna Bhagi 
Description:
When root belongs to sha256_password, the login fails as
the mysql handler doesn't have the ssl options during
connection.

How to repeat:
Run mysql_install_db with

--default-authentication-plugin= 'sha256_password'

Then run mysql_secure_installation and the following error
is thrown:

anonymous@vbhagi:~/mysql/mysql-trunk/install_dir/usr/local/mysql$ ./bin/mysql_secure_installation --ssl-ca=/home/anonymous/mysql/mysql-trunk/mysql-test/std_data/cacert.pem --ssl-cert=/home/anonymous/mysql/mysql-trunk/mysql-test/std_data/client-cert.pem --ssl-key=/home/anonymous/mysql/mysql-trunk/mysql-test/std_data/client-key.pem

Securing the MySQL server deployment.

Connecting to MySQL server using password in '/home/anonymous/.mysql_secret'
Error: Access denied for user 'root'@'localhost' (using password: YES)

Suggested fix:
In the function get_root_password(), connection is attempted with a
blank password if a password is not provided. If blank is not the right
password, mysql_real_connect automatically resets all the connection
options.

The connection options need to be reset after this failure.
[27 Aug 2014 22:59] Paul DuBois 
Noted in 5.7.5 changelog.

mysql_secure_installation failed to run properly if the root account
authentication plugin was sha256_password.