Login/Register
How do I turn off the mysql password validation?
Asked Answered
Solved mysqlvalidationglobal-variablesmysql-5.7change-password
L

16

208

It seems that I may have inadvertently loaded the password validation plugin in MySQL 5.7. This plugin seems to force all passwords to comply to certain rules.

I would like to turn this off.

I've tried changing the validate_password_length variable as suggested here to no avail.

mysql> SET GLOBAL validate_password_length=4;
Query OK, 0 rows affected (0.00 sec)

mysql> SET PASSWORD FOR 'app' = PASSWORD('abcd');
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

I would like to either unload the plugin or neuter it somehow.

Laban answered 30/3, 2016 at 6:17 Comment(2)
Have you tried changing the policy setting? SET GLOBAL validate_password_policy=LOW;Corby
SET GLOBAL validate_password.policy=LOW;Infuscate
S
526

Here is what I do to remove the validate password plugin:

  1. Login to the mysql server as root mysql -h localhost -u root -p
  2. Run the following sql command: uninstall plugin validate_password;
  3. If last line doesn't work (new mysql release), you should execute UNINSTALL COMPONENT 'file://component_validate_password';

I would not recommend this solution for a production system. I used this solution on a local mysql instance for development purposes only.

Stomach answered 23/7, 2016 at 5:51 Comment(6)
to re-enable it again, use following command: INSTALL PLUGIN validate_password SONAME 'validate_password.so';Lillielilliputian
To remove the plugin you will need to set up a secure password at least once via grep 'password' /var/log/mysqld.log | tail -1 and then /usr/bin/mysql_secure_installation. After doing so you can run the commands from srayhunter above then run mysqladmin -u root -p'oldpassword' password newpass to use any password you would like.Mendelism
The plugin is called cracklib_password_check in current MariaDB.Saddletree
Note: In MySQL 8.0.4, the validate_password plugin was reimplemented as the validate_password component. Instead of the #2 query above, run: UNINSTALL COMPONENT 'file://component_validate_password';Beore
Removing the module itself is not the proper solution. You can retain the feature by lowering the security policy.Kramlich
mysql> SET GLOBAL validate_password_policy = 0;Kind
H
84

For mysql 8.0 the command to disable password validation component is:

UNINSTALL COMPONENT 'file://component_validate_password';

To install it back again, the command is:

INSTALL COMPONENT 'file://component_validate_password';

If you just want to change the policy of password validation plugin:

SET GLOBAL validate_password.policy = 0;   # For LOW
SET GLOBAL validate_password.policy = 1;   # For MEDIUM
SET GLOBAL validate_password.policy = 2;   # For HIGH
Hanahanae answered 28/7, 2018 at 23:10 Comment(0)
C
35

Building on the answer from Sharfi, edit the /etc/my.cnf file and add just this one line:

validate_password_policy=LOW

That should sufficiently neuter the validation as requested by the OP. You will probably want to restart mysqld after this change. Depending on your OS, it would look something like:

sudo service mysqld restart

validate_password_policy takes either values 0, 1, or 2 or words LOW, MEDIUM, and STRONG which correspond to those numbers. The default is MEDIUM (1) which requires passwords contain at least one upper case letter, one lower case letter, one digit, and one special character, and that the total password length is at least 8 characters. Changing to LOW as I suggest here then only will check for length, which if it hasn't been changed through other parameters will check for a length of 8. If you wanted to shorten that length limit too, you could also add validate_password_length in to the my.cnf file.

For more info about the levels and details, see the mysql doc.

For MySQL 8, the property has changed from "validate_password_policy" to "validate_password.policy". See the updated mysql doc for the latest info.

Cecilia answered 28/2, 2017 at 10:41 Comment(4)
If you only need a temporary change, to allow a single password to be set, you could use SET GLOBAL validate_password_policy=LOW;Corby
This is a better solution than removing the module itself.Kramlich
mysql: unknown variable 'validate_password_policy=LOW'Withershins
Looks like the variable name has changed in the latest MySQL. @Amalgovinus, try using the variable name "validate_password.policy" instead and see if that works for you. And if it does, I'll update my answer.Cecilia
H
7

To reply to your question: How do I turn off mysql password validation?

Short answer: You can reduce the complexity.

Login to Mysql Client as a root.

set global validate_password.policy = LOW;
set global validate_password.length = 2;
set global validate_password.mixed_case_count = 0;
set global validate_password.number_count = 0;
set global validate_password.special_char_count = 0;

Proceed with create user ...

Homeopathist answered 13/5, 2021 at 7:48 Comment(1)
Thanks this helped me a lot to set simple password on my local machine. Thanks :)Seashore
Z
6

To disable password checks in mariadb-10.1.24 (Fedora 24) I had to comment out a line in /etc/my.cnf.d/cracklib_password_check.cnf file:

;plugin-load-add=cracklib_password_check.so

then restart mariadb service:

systemctl restart mariadb.service
Zilvia answered 21/6, 2017 at 18:53 Comment(0)
J
5

Uninstall:

mysql> uninstall plugin validate_password;

An uninstalled plugin is not displayed by show plugins;

Install:

mysql> install plugin validate_password SONAME 'validate_password.so';

Disabled by configuration:

[mysqld]
validate_password = OFF

A plugin can be disabled by configuration only if installed.

Jolly answered 31/5, 2019 at 12:38 Comment(0)
A
4

You can configure this in mysql configuration file open /etc/my.cnf file In this file all the lines which is configuring the password policy make those commented like

#validate-password=FORCE_PLUS_PERMANENT
#validate_password_length=10
#validate_password_mixed_case_count=1
#validate_password_number_count=1
#validate_password_policy=MEDIUM

Uncomment and change the value of the properties you want to change.

Archery answered 23/9, 2016 at 10:55 Comment(0)
K
4

If you want to make exceptions, you can apply the following "hack". It requires a user with DELETE and INSERT privilege for mysql.plugin system table.

uninstall plugin validate_password;
SET PASSWORD FOR 'app' = PASSWORD('abcd');
INSTALL PLUGIN validate_password SONAME 'validate_password.so';

Bland security disclaimer: Consider, why you are making your password shorter or easier and perhaps consider replacing it with one that is more complex. However, I understand the "it's 3AM and just needs to work" moments, just make sure you don't build a system of hacks, lest you yourself be hacked

Kubis answered 10/3, 2017 at 20:57 Comment(0)
I
2

Further to the answer from ktbos:

I modified the mysqld.cnf file and mysql failed to start. It turned out that I was modifying the wrong file!

So be sure the file you modify contains segment tags like [mysqld_safe] and [mysqld]. Under the latter I did as suggested and added the line:

validate_password_policy=LOW

This worked perfectly to resolve my issue of not requiring special characters within the password.

Imprecise answered 30/5, 2017 at 10:22 Comment(0)
B
1

I was having a problem on Ubuntu 18.04 on Mysql. When I needed to create a new user, the policy was always high.

The way I figured out how to disable, for future colleagues who come to investigate, was set to low.

Login to the mysql server as root

mysql -h localhost -u root -p

Set the new type of validation

SET GLOBAL validate_password_policy=0; //For Low

Restart mysql

sudo service mysql restart
Buhl answered 29/7, 2018 at 18:23 Comment(1)
You must write this "SET..." command to mysql shell. Not to bash shell.Saipan
D
0

For references and the future, one should read the doc here https://dev.mysql.com/doc/mysql-secure-deployment-guide/5.7/en/secure-deployment-password-validation.html

Then you should edit your mysqld.cnf file, for instance :

vim /etc/mysql/mysql.conf.d/mysqld.cnf

Then, add in the [mysqld] part, the following :

plugin-load-add=validate_password.so
validate_password_policy=LOW

Basically, if you edit your default, it will looks like : 

[mysqld]
#
# * Basic Settings
#
user            = mysql
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
plugin-load-add=validate_password.so
validate_password_policy=LOW

Then, you can restart:

systemctl restart mysql

If you forget the plugin-load-add=validate_password.so part, you will it an error at restart.

Enjoy !

Dolli answered 4/5, 2020 at 14:9 Comment(0)
A
0

Things have been a bit different in MySQL 8 (But in fairness, technically for the better). I gave up on trying to remove the password on my local MacOS install. So, I realized that if you can't beat 'em, join 'em!

Here's my quick & dirty solution:

  • installed MySQL8 via HomeBrew (by default, installs as insecure)
  • edited my ~/.zshrc (because that's the shell I use. others might use .bash_profile or other)
    • nano ~/.zshrc
  • added 2 alias lines
    • alias mysql='mysql -uroot'
    • alias mysqladmin='mysqladmin -uroot'
  • pushed changes by
    • source ~/.zshrc

So now, rather than worrying about using the -u or -p flags, they're automatically used on mysql or mysqladmin commands.

FYI, this should also work if you DO have a password. You'd simply include the -pPASSWORD in your alias. (ex: alias mysql='mysql -uroot -pPASSWORD')

Additionally, you could add additional alias lines if you use any other mysql commands.

FYI: DO NOT take these steps on a Production server.
I'd like believe that goes without saying... but, just in case you didn't know better.

Allerus answered 6/5, 2022 at 14:44 Comment(0)
E
0

Log in to your MariaDB server using the command

mysql -u root

or

mysql -u root -pYOURPASSWORD
UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE user = 'root' AND plugin = 'unix_socket';

and

FLUSH PRIVILEGES;
Elane answered 6/2, 2023 at 13:39 Comment(0)
A
-1

On some installations, you cannot execute this command until you have reset the root password. You cannot reset the root password, until you execute this command. Classic Catch-22.

One solution not mention by other responders is to temporarily disable the plugin via mysql configuration. In any my.cnf, in the [mysqld] section, add:

skip-validate_password=1

and restart the server. Change the password, and set the value back to 0, and restart again.

Asphyxiate answered 3/5, 2020 at 21:58 Comment(1)
this doesn't work. Can you mention which mysql version this applies to?Rickard
A
-2

For mysql 8.0.7, Go to your mysql directory, and then use:

sudo bin/mysql_secure_installation

to configure the password option.

Arleen answered 8/8, 2018 at 9:50 Comment(0)
T
-3
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'organizer'@'localhost'  WITH GRANT OPTION;

CREATE USER 'username'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'organizer'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;

no need to stop/start mysql

Tripetalous answered 21/1, 2019 at 19:41 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.