Bug #87845 Initialization of root password doesn't adhere to validation plugin policy
Submitted: 22 Sep 2017 17:49 Modified: 25 Sep 2017 13:07
Reporter: J. Alexander Email Updates:
Status: Verified Impact on me:
Category:MySQL Server: Command-line Clients Severity:S2 (Serious)
Version:5.7.5+, 5.7.19 OS:Any
Assigned to: CPU Architecture:Any

[22 Sep 2017 17:49] J. Alexander
Random root password generation step for initialization will fail with error 1819 ("Your password does not satisfy the current policy requirements") if the password validation plugin is enabled and 'validate_password_length' > 12 characters.

How to repeat:
Enable the Password Validation Plugin with 'validate_password_length' set to a value > 12 characters and run the initialization process to generate a random root password.

Suggested fix:
Check if the Password Validation Plugin is enabled and adjust the root password generation process to adhere to the 'validate_password_*' configuration settings.
[25 Sep 2017 13:07] MySQL Verification Team
Hello J. Alexander,

Thank you for the report.

[25 Sep 2017 13:08] MySQL Verification Team
-- 5.7.19

[umshastr@hod03]/export/umesh/server/binaries/Trunk/87827/mysql-5.7.19: rm -rf 87827 && bin/mysqld  --initialize --basedir=$PWD --datadir=$PWD/87827 --plugin-load-add=validate_password.so --validate_password_length=15 

2017-09-23T05:58:06.362926Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2017-09-23T05:58:06.814020Z 0 [Warning] InnoDB: New log files created, LSN=45790
2017-09-23T05:58:06.884784Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2017-09-23T05:58:06.938987Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 2ba1f158-a024-11e7-a9d9-0010e05f3e06.
2017-09-23T05:58:06.939514Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2017-09-23T05:58:06.940192Z 1 [Note] A temporary password is generated for root@localhost: py2H<_6!:.ji
2017-09-23T05:58:07.092842Z 1 [ERROR] 1819  Your password does not satisfy the current policy requirements
2017-09-23T05:58:07.092979Z 0 [ERROR] Aborting
[26 Sep 2017 9:31] Hugo Dubois

I have the same issue with the initialize-insecure option:

2017-09-26T11:27:31.414121+01:00 1 [Note] Creating the system database
2017-09-26T11:27:31.414142+01:00 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
2017-09-26T11:27:31.414347+01:00 1 [Note] Creating the system tables
2017-09-26T11:27:31.577606+01:00 1 [Note] Filling in the system tables, part 1
2017-09-26T11:27:31.578334+01:00 1 [ERROR] 1819  Your password does not satisfy the current policy requirements
2017-09-26T11:27:31.578347+01:00 1 [Note] Bootstrapping complete
2017-09-26T11:27:31.578431+01:00 0 [ERROR] Aborting

I think you should not check password policy at the bootstrap operation