10

I am in the process of moving a new application to the Production environment which includes a MySQL DB.

While attempting to grant the required privileges using the command:

GRANT ALTER,CREATE ON `MyDB`.`*` to `ThisUser`@`*` ;

I'm getting the error: ERROR 1819 (HY000): Your password does not satisfy the current policy requirements.

and this, while the passwords (of the root user as well as of the ThisUser) fully satisfy the current policy:

  • The length of the passwords are above 8 chars,
  • They include both upper and lower case, as well as digits and special chars (like "!", "@", "$", etc.).

I tried setting the validate_password_policy to LOW but it didn't help either.

Can anyone explain what the issue is and how to resolve it?

Thanks.

FDavidov
  • 3,505
  • 6
  • 23
  • 59
  • Have you tried using quotes instead of backticks like in the doc examples: http://dev.mysql.com/doc/refman/5.7/en/grant.html – juergen d Jun 11 '16 at 11:10
  • Yes, and it claims that there is a syntax error in the command. – FDavidov Jun 11 '16 at 11:25
  • Perhaps you changed the policy after the alleged-to-exist user was created. See [this](http://dev.mysql.com/doc/refman/5.7/en/set-password.html) , such as `SET PASSWORD FOR 'bob'@'%.example.org' = PASSWORD('auth_string');` ... note, I am not used to the `\`*\`` part but rather `'%'`. Actually, I would use single quotes. Not sure why you are using `\`` – Drew Jun 11 '16 at 12:07
  • Than you @Drew for your comments. The reason I'm using ` is that normal quotes would cause a syntax error (have no idea why). As for the first part of your question, I also tried changing the password of the user but with no positive result. In any case, I don't understand why I get such an error message since the password is well within the **paranoiac** area (something like `A@x@ffrt6781` which certainly matches the policy). – FDavidov Jun 11 '16 at 16:15
  • Check out my answer [here](http://stackoverflow.com/a/37734294) if it is related to anything else you just mentioned. Keep in mind that as you go from one environment to another, escape sequences can change. Like my going from c# to mysql mostly, and others from "what works here fails using cron" etc. For instance cron and bash have their own nuances of escape sequences that require tweaks. – Drew Jun 11 '16 at 16:47

6 Answers6

10

To solve this problem change validate_password_policy value: ERROR 1819 (HY000): Your password does not satisfy the current policy requirements:

$ mysql -u root -p
mysql> SET GLOBAL validate_password_policy=LOW;

And grant privileges to your user:

mysql> grant all privileges on DB_NAME.* to 'USER_NAME'@'localhost' identified by 'USER_PASS';
mysql> FLUSH PRIVILEGES;
mysql> exit
$ sudo service mysql reload
$ brew services restart mysql
Cubiczx
  • 1,005
  • 11
  • 10
8

For me it work when I have added IDENTIFIED BY clause in the GRANT query. You need to use IDENTIFY BY clause when you don't have user already added to mysql.

GRANT ALTER,CREATE ON MyDB.* to 'UserName'@'%' IDENTIFIED BY 'UserPassword';
AnSh
  • 147
  • 1
  • 6
2

Eventually, the issue was related to some phantom definition of a user as described in here.

Community
  • 1
  • 1
FDavidov
  • 3,505
  • 6
  • 23
  • 59
2

This error some time occurs when you've changed some fields like user host or password but forgotten to flush privileges. So try:

mysql>flush privileges;

Andrew
  • 671
  • 2
  • 8
  • 21
0

The problem is as a result of the policy difference between your password and the server password policy, what you need to do is to reset the password policy of the server to match that no of your server. Type in the following commands to access the plug-in for the password policies

        Sudo MySQL
        msql> SHOW VARIABLES LIKE 'validate_password%';

This commands should take you to the table with the password policies of the MySQL server. Now you need to write down your password on a piece of paper and reset the server password policies to match that of your password. To do the type in the following commands.

          MySQL> SET GLOBAL validate_password_length = 5; ( this should be according to the length of your password)
          MySQL> SET GLOBAL validate_number_count = 0;
          MySQL> SET GLOBAL validate_password.policy =LOW;
          MySQL> SET GLOBAL validate_password_special_char_count = 0;

Note that there are other policies you could change to suit your current password needs. Incase you are using a password generator it's best to delete the password plug in all together, use the following commands in case you want to delete all password policies. MySQL> uninstall plugin validate_password;

Princejr
  • 146
  • 4
0

I was able to solve this ONLY by first adding the phpmyadmin database and user, then running the installation procedure and entering the same password for the phpmyadmin user there as well. Unfortunately, none of the apache configuration files were set up. I'm switchting to ubuntu from amazon linux 2.

Buttle Butkus
  • 9,206
  • 13
  • 79
  • 120