MySQL force user change password

Since version 5.6.6 MySQL has introduced the capability to force an user to change their password.
You can archive that by issue ALTER USER PASSWORD EXPIRE statement.

ALTER USER 'marcelo'@'localhost' PASSWORD EXPIRE;

Next time marcelo tries to login from localhost it will block all statements rather then SET PASSWORD;

mysql> \s
ERROR 1820 (HY000): You must SET PASSWORD before executing this statement

To remove this block, just issue an :

#Or use the hash received from SELECT PASSWORD('pwd');
SET PASSWORD = '*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD';

But be careful, if you expire the password for an account, you won’t be able to login with any client version before 5.6.10(GA):

ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.

As Peter Zaitsev wrote on his post in some rpm installation, MySQL install the root user with a temporary password and force you to change it in the next login.

More information can be find at MySQL Password Expiration Documentation and MySQL ALTER USER Documentation

Leave a Reply

Your email address will not be published. Required fields are marked *