创建用户及密码问题汇总mysql

一、创建新用户能看到却连不上

场景:
通过mysqldump导出，迁移到新实例导入用户，能在用户表里面看到已有用户，但是连不上

[root@master1 ~]# mysqldump -uroot -pxxxxxxx --set-gtid-purged=off --single-transaction 
mysql user --where='user="test_user"' -t > user.sql
[root@master1 ~]# cat user.sql 
-- MySQL dump 10.13  Distrib 8.0.32, for Linux (x86_64)
--
-- Host: localhost    Database: mysql
-- ------------------------------------------------------
-- Server version	8.0.32

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!50503 SET NAMES utf8mb4 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

--
-- Dumping data for table `user`
--
-- WHERE:  user="test_user"

LOCK TABLES `user` WRITE;
/*!40000 ALTER TABLE `user` DISABLE KEYS */;
INSERT INTO `user` VALUES ('%','test_user','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0,0,'mysql_native_password','*BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1','N','2023-04-24 02:42:01',NULL,'N','N','N',NULL,NULL,NULL,NULL);
/*!40000 ALTER TABLE `user` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */

新实例
[root@master1 ~]# mysql -uroot -pxxxxxx mysql <user.sql
mysql: [Warning] Using a password on the command line interface can be insecure.
[root@master1 ~]# mysql -uroot -pxxxxxx mysql -e'select user,host from mysql.user where user="test_user"'
mysql: [Warning] Using a password on the command line interface can be insecure.
+-----------+------+
| user      | host |
+-----------+------+
| test_user | %    |
+-----------+------+
[root@master1 ~]# mysql -utest_user -pTest@123
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'test_user'@'localhost' (using password: YES)

解决：
mysqldump导出的用户，是用insert 方式插入到mysql.user表，虽然能查询看到，但是内存权限表还是旧的，需要重新加载内存权限表。--flush privileges;

[root@master1 ~]# mysql -uroot -pxxxxxx mysql -e'flush privileges;'
mysql: [Warning] Using a password on the command line interface can be insecure.
[root@master1 ~]# mysql -utest_user -pTest@123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 31
Server version: 8.0.32 MySQL Community Server - GPL

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

二、不知道原密码情况下迁移用户登录失败

场景：
迁移数据库用户的时候，会根据authentication_string字段查到的加密信息创建用户，然后登录失败

原实例
mysql> select user,host,plugin,authentication_string from mysql.user where user='test_user';
+------------------+---------------+-----------------------+------------------------------------------------------------------------+
| user             | host          | plugin                | authentication_string                                                  |
+------------------+---------------+-----------------------+------------------------------------------------------------------------+
| test_user        | %             | mysql_native_password | *BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1                              |
+------------------+---------------+-----------------------+------------------------------------------------------------------------+
8 rows in set (0.00 sec)

新实例
mysql>create user test_user@'%' identified by '*BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1';
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
[root@master1 ~]# mysql -utest_user -pTest@123
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'test_user'@'localhost' (using password: YES)

解决：
通过authentication_string查询到的加密串，需要用with plugin as 的方式创建用户，才会保持原密码不变

WITH mysql_native_password  as

mysql> drop user test_user@'%';
Query OK, 0 rows affected (0.00 sec) 
mysql> create user test_user@'%' identified WITH mysql_native_password  as '*BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> \q
Bye
[root@master1 ~]# mysql -utest_user -pTest@123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 8.0.32 MySQL Community Server - GPL

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

三、创建用户报错

场景:
通过authentication_string查询到的加密串,用as来创建用户，报错

mysql> create user test_user@'%' identified WITH mysql_native_password  as '$A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED';
ERROR 1827 (HY000): The password hash doesn't have the expected format.

解决：
通过authentication_string查询到的加密串来创建用户，需要注意plugin的不同，当plugin是mysql_native_password时authentication_string加密串长度是41，当plugin是caching_sha2_password的authentication_string加密串长度是70。--WITH caching_sha2_password  as

mysql> select user,host,plugin,authentication_string,length(authentication_string) length from mysql.user;
+------------------+---------------+-----------------------+------------------------------------------------------------------------+--------+
| user             | host          | plugin                | authentication_string                                                  | length |
+------------------+---------------+-----------------------+------------------------------------------------------------------------+--------+
| root             | %             | mysql_native_password | *098E13F0BBC737BD4608363FE8A0A13A348F3934                              |     41 |
| donor_user       | 192.168.137.% | mysql_native_password | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19                              |     41 |
| repl             | 192.168.137.% | mysql_native_password | *A424E797037BF97C19A2E88CF7891C5C2038C039                              |     41 |
| mysql.infoschema | localhost     | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |     70 |
| mysql.session    | localhost     | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |     70 |
| mysql.sys        | localhost     | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |     70 |
| root             | localhost     | mysql_native_password | *613997A8B0E1757211BDC25E3E8D0F5A1C0428B2                              |     41 |
+------------------+---------------+-----------------------+------------------------------------------------------------------------+--------+
mysql> create user test_user@'%' identified WITH caching_sha2_password  as '$A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED';
Query OK, 0 rows affected, 1 warning (0.00 sec)