To enhance security, MySQL 5.7 randomly generates a password for the root user. In the error log, if the RPM package is installed, the default is/var/log/ mysqld.log .

Generally, it can be accessed through log_ Error setting

mysql&> select @@log_error;
+---------------------+
| @@log_error         |
+---------------------+
| /var/log/mysqld.log |
+---------------------+
1 row in set (0.00 sec)

It can be accessed through # grep "password/var/log/ mysqld.log The command gets the temporary password of MySQL

2016-01-19T05:16:36.218234Z 1 [Note] A temporary password is generated for root@localhost: waQ,qR%be2(5

After logging in to the server with this password, you must change the password immediately, otherwise the following error will be reported:

mysql&> select user();
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

If the password is changed to a simple one, the following error will be reported:

mysql&>  ALTER USER USER() IDENTIFIED BY '12345678';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

This is actually related to validate_ password_ Policy.

validate_ password_ Policy has the following values:

Policy	Tests Performed
0 or LOW	Length
1 or MEDIUM	Length; numeric, lowercase/uppercase, and special characters
2 or STRONG	Length; numeric, lowercase/uppercase, and special characters; dictionary file

The default is 1, that is medium, so the password set at the beginning must conform to the length, and must contain numbers, lowercase or uppercase letters, and special characters.

Sometimes, just for testing, I don’t want to set the password so complicated. For example, I just want to set the password of root as 123456.

Two global parameters must be modified:

First, modify validate_ password_ The value of the policy parameter

mysql&> set global validate_password_policy=0;
Query OK, 0 rows affected (0.00 sec)

In this way, the standard of judging the password is based on the length of the password. This is done by validate_ password_ Length parameter.

mysql&> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          8 |
+----------------------------+
1 row in set (0.00 sec)

validate_ password_ The length parameter is 8 by default. It has a minimum value of:

validate_password_number_count
+ validate_password_special_char_count
+ (2 * validate_password_mixed_case_count)

Among them, validate_ password_ number_ Count specifies the length of the data in the password_ password_ special_ char_ Count specifies the length of the special characters in the password_ password_ mixed_ case_ Count specifies the length of the uppercase and lowercase letters in the password.

For these parameters, the default value is 1, so validate_ password_ The minimum length is 4, if you explicitly specify validate_ password_ The value of length is less than 4, although no error will be reported, but validate_ password_ The value of length will be set to 4. As follows:

mysql&> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          8 |
+----------------------------+
1 row in set (0.00 sec)

mysql&> set global validate_password_length=1;
Query OK, 0 rows affected (0.00 sec)

mysql&> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          4 |
+----------------------------+
1 row in set (0.00 sec)

If validate is modified_ password_ number_ count，validate_ password_ special_ char_ count，validate_ password_ mixed_ case_ Count, then validate_ password_ The length will be dynamically modified.

mysql&> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          4 |
+----------------------------+
1 row in set (0.00 sec)

mysql&> select @@validate_password_mixed_case_count;
+--------------------------------------+
| @@validate_password_mixed_case_count |
+--------------------------------------+
|                                    1 |
+--------------------------------------+
1 row in set (0.00 sec)

mysql&> set global validate_password_mixed_case_count=2;
Query OK, 0 rows affected (0.00 sec)

mysql&> select @@validate_password_mixed_case_count;
+--------------------------------------+
| @@validate_password_mixed_case_count |
+--------------------------------------+
|                                    2 |
+--------------------------------------+
1 row in set (0.00 sec)

mysql&> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          6 |
+----------------------------+
1 row in set (0.00 sec)

Of course, the premise is validate_ The password plug-in must have been installed, and MySQL 5.7 is installed by default.

So how to verify validate_ Is the password plug-in installed?You can check the following parameters. If not installed, the output will be empty.

mysql&> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+-------+
| Variable_name                        | Value |
+--------------------------------------+-------+
| validate_password_dictionary_file    |       |
| validate_password_length             | 6     |
| validate_password_mixed_case_count   | 2     |
| validate_password_number_count       | 1     |
| validate_password_policy             | LOW   |
| validate_password_special_char_count | 1     |
+--------------------------------------+-------+
6 rows in set (0.00 sec)