如何关闭MySQL密码验证？

小开

最佳答案

Here is what I do to remove the validate password plugin:

Login to the mysql server as root mysql -h localhost -u root -p
Run the following sql command: uninstall plugin validate_password;
If last line doesn't work (new mysql release), you should execute UNINSTALL COMPONENT 'file://component_validate_password';

I would not recommend this solution for a production system. I used this solution on a local mysql instance for development purposes only.

小开

You can configure this in mysql configuration file open /etc/my.cnf file In this file all the lines which is configuring the password policy make those commented like

#validate-password=FORCE_PLUS_PERMANENT
#validate_password_length=10
#validate_password_mixed_case_count=1
#validate_password_number_count=1
#validate_password_policy=MEDIUM

Uncomment and change the value of the properties you want to change.

小开

Building on the answer from Sharfi, edit the /etc/my.cnf file and add just this one line:

validate_password_policy=LOW

That should sufficiently neuter the validation as requested by the OP. You will probably want to restart mysqld after this change. Depending on your OS, it would look something like:

sudo service mysqld restart

validate_password_policy takes either values 0, 1, or 2 or words LOW, MEDIUM, and STRONG which correspond to those numbers. The default is MEDIUM (1) which requires passwords contain at least one upper case letter, one lower case letter, one digit, and one special character, and that the total password length is at least 8 characters. Changing to LOW as I suggest here then only will check for length, which if it hasn't been changed through other parameters will check for a length of 8. If you wanted to shorten that length limit too, you could also add validate_password_length in to the my.cnf file.

For more info about the levels and details, see the mysql doc.

For MySQL 8, the property has changed from "validate_password_policy" to "validate_password.policy". See the updated mysql doc for the latest info.

小开

If you want to make exceptions, you can apply the following "hack". It requires a user with DELETE and INSERT privilege for mysql.plugin system table.

uninstall plugin validate_password;
SET PASSWORD FOR 'app' = PASSWORD('abcd');
INSTALL PLUGIN validate_password SONAME 'validate_password.so';

Bland security disclaimer: Consider, why you are making your password shorter or easier and perhaps consider replacing it with one that is more complex. However, I understand the "it's 3AM and just needs to work" moments, just make sure you don't build a system of hacks, lest you yourself be hacked

小开

Further to the answer from ktbos:

I modified the mysqld.cnf file and mysql failed to start. It turned out that I was modifying the wrong file!

So be sure the file you modify contains segment tags like [mysqld_safe] and [mysqld]. Under the latter I did as suggested and added the line:

validate_password_policy=LOW

This worked perfectly to resolve my issue of not requiring special characters within the password.

小开

To disable password checks in mariadb-10.1.24 (Fedora 24) I had to comment out a line in /etc/my.cnf.d/cracklib_password_check.cnf file:

;plugin-load-add=cracklib_password_check.so

then restart mariadb service:

systemctl restart mariadb.service

小开

For mysql 8.0 the command to disable password validation component is:

UNINSTALL COMPONENT 'file://component_validate_password';

To install it back again, the command is:

INSTALL COMPONENT 'file://component_validate_password';

If you just want to change the policy of password validation plugin:

SET GLOBAL validate_password.policy = 0;   # For LOW
SET GLOBAL validate_password.policy = 1;   # For MEDIUM
SET GLOBAL validate_password.policy = 2;   # For HIGH

小开

I was having a problem on Ubuntu 18.04 on Mysql. When I needed to create a new user, the policy was always high.

The way I figured out how to disable, for future colleagues who come to investigate, was set to low.

Login to the mysql server as root

mysql -h localhost -u root -p

Set the new type of validation

SET GLOBAL validate_password_policy=0; //For Low

Restart mysql

sudo service mysql restart

小开

For mysql 8.0.7, Go to your mysql directory, and then use:

sudo bin/mysql_secure_installation

to configure the password option.

小开

CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'organizer'@'localhost'  WITH GRANT OPTION;


CREATE USER 'username'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'organizer'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;

no need to stop/start mysql

小开

Uninstall:

mysql> uninstall plugin validate_password;

An uninstalled plugin is not displayed by show plugins;

Install:

mysql> install plugin validate_password SONAME 'validate_password.so';

Disabled by configuration:

[mysqld]
validate_password = OFF

A plugin can be disabled by configuration only if installed.

小开

On some installations, you cannot execute this command until you have reset the root password. You cannot reset the root password, until you execute this command. Classic Catch-22.

One solution not mention by other responders is to temporarily disable the plugin via mysql configuration. In any my.cnf, in the [mysqld] section, add:

skip-validate_password=1

and restart the server. Change the password, and set the value back to 0, and restart again.

小开

For references and the future, one should read the doc here https://dev.mysql.com/doc/mysql-secure-deployment-guide/5.7/en/secure-deployment-password-validation.html

Then you should edit your mysqld.cnf file, for instance :

vim /etc/mysql/mysql.conf.d/mysqld.cnf

Then, add in the [mysqld] part, the following :

plugin-load-add=validate_password.so
validate_password_policy=LOW

Basically, if you edit your default, it will looks like :

[mysqld]
#
# * Basic Settings
#
user            = mysql
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
plugin-load-add=validate_password.so
validate_password_policy=LOW

Then, you can restart:

systemctl restart mysql

If you forget the plugin-load-add=validate_password.so part, you will it an error at restart.

Enjoy !

小开

To reply to your question: How do I turn off mysql password validation?

Short answer: You can reduce the complexity.

Login to Mysql Client as a root.

set global validate_password.policy = LOW;
set global validate_password.length = 2;
set global validate_password.mixed_case_count = 0;
set global validate_password.number_count = 0;
set global validate_password.special_char_count = 0;

Proceed with create user ...

小开

Things have been a bit different in MySQL 8 (But in fairness, technically for the better). I gave up on trying to remove the password on my local MacOS install. So, I realized that if you can't beat 'em, join 'em!

Here's my quick & dirty solution:

installed MySQL8 via HomeBrew (by default, installs as insecure)
edited my ~/.zshrc (because that's the shell I use. others might use .bash_profile or other)
- nano ~/.zshrc
added 2 alias lines
- alias mysql='mysql -uroot'
- alias mysqladmin='mysqladmin -uroot'
pushed changes by
- source ~/.zshrc

So now, rather than worrying about using the -u or -p flags, they're automatically used on mysql or mysqladmin commands.

FYI, this should also work if you DO have a password. You'd simply include the -pPASSWORD in your alias. (ex: alias mysql='mysql -uroot -pPASSWORD')

Additionally, you could add additional alias lines if you use any other mysql commands.

FYI: DO NOT take these steps on a Production server.
I'd like believe that goes without saying... but, just in case you didn't know better.