Bug #78863 help tables in the server have outdated 'set password' page
Submitted: 16 Oct 2015 21:08 Modified: 3 Dec 2015 8:56
Reporter: Philip Antoniades Email Updates:
Status: Can't repeat Impact on me:
Category:MySQL Server: Documentation Severity:S3 (Non-critical)
Version:5.7.8-rc OS:Ubuntu (14.04, via our repos)
Assigned to: CPU Architecture:Any
Tags: Help, set password

[16 Oct 2015 21:08] Philip Antoniades
help set password; 
Should return the same text found here:

Specifically, on the deprecation of password()

How to repeat:
mysql> select version();help set password;
| version() |
| 5.7.8-rc  |
1 row in set (0.00 sec)

        PASSWORD('cleartext password')
      | OLD_PASSWORD('cleartext password')
      | 'encrypted password'

The SET PASSWORD statement assigns a password to a MySQL user account:

o With no FOR user clause, this statement sets the password for the
  current user:

SET PASSWORD = PASSWORD('cleartext password');

  Any client who connects to the server using a nonanonymous account
  can change the password for that account. To see which account the
  server authenticated you for, invoke the CURRENT_USER() function:


o With a FOR user clause, this statement sets the password for the
  named account, which must exist:

SET PASSWORD FOR 'jeffrey'@'localhost' = PASSWORD('cleartext password');

  In this case, you must have the UPDATE privilege for the mysql

When the read_only system variable is enabled, SET PASSWORD requires
the SUPER privilege, in addition to any other required privileges.

If a FOR user clause is given, the account name uses the format
described in http://dev.mysql.com/doc/refman/5.7/en/account-names.html.
The user value should be given as 'user_name'@'host_name', where
'user_name' and 'host_name' are exactly as listed in the User and Host
columns of the account's mysql.user table row. (If you specify only a
user name, a host name of '%' is used.) For example, to set the
password for an account with User and Host column values of 'bob' and
'%.example.org', write the statement like this:

SET PASSWORD FOR 'bob'@'%.example.org' = PASSWORD('cleartext password');

The password can be specified in these ways:

o Using the PASSWORD() function

  The function argument is the cleartext (unencrypted) password.
  PASSWORD() hashes the password and returns the encrypted password

  The old_passwords system variable value determines the hashing method
  used by PASSWORD(). If SET PASSWORD rejects the password as not being
  in the correct format, it may be necessary to change old_passwords to
  change the hashing method. For example, if the account uses the
  mysql_native_password plugin, the old_passwords value must be 0:

SET old_passwords = 0;
SET PASSWORD FOR 'jeffrey'@'localhost' = PASSWORD('mypass');

  If the old_passwords value differs from that required by the
  authentication plugin, hashed password values returned by PASSWORD()
  are not acceptable for that plugin and attempts to set the password
  produce an error. For example:

mysql> SET old_passwords = 1;
mysql> SET PASSWORD FOR 'jeffrey'@'localhost' = PASSWORD('mypass');
ERROR 1372 (HY000): Password hash should be a 41-digit hexadecimal number

o Using the OLD_PASSWORD() function:

  The function argument is the cleartext (unencrypted) password.
  OLD_PASSWORD() hashes the password using pre-4.1 hashing and returns
  the encrypted password string. This hashing method is appropriate
  only for accounts that use the mysql_old_password authentication

o Using an already encrypted password string

  The password is specified as a string literal. It must represent the
  already encrypted password value, in the hash format required by the
  authentication method used for the account.

URL: http://dev.mysql.com/doc/refman/5.7/en/set-password.html

Suggested fix:
Update text.
[3 Dec 2015 8:56] MySQL Verification Team
Hello Philip,

Thank you for the report.
Sorry somehow I missed this report.
I have confirmed that 5.7.9 builds(yum/apt repo, and binary tarball etc) are not affected and shows the expected results.

[3 Dec 2015 8:57] MySQL Verification Team
ubuntu test results

Attachment: 78863_apt.results (application/octet-stream, text), 6.01 KiB.