Error
Error Code:
1820
MariaDB Error 1820: Mandatory Password Change Required
Description
This error indicates that the current MariaDB user account has a temporary, expired, or administrator-reset password that must be changed immediately. It prevents the execution of any SQL statements (except password-setting commands) until a new, valid password has been set. This is a critical security measure to ensure account integrity.
Error Message
You must SET PASSWORD before executing this statement
Known Causes
4 known causesNew User Account Initialization
Newly created user accounts are often assigned a temporary password that requires an immediate change upon first login for enhanced security.
Password Expiration Policy
The MariaDB server or security policy may enforce password expiration, requiring users to set a new password after a defined period or number of logins.
Administrator-Forced Password Reset
A database administrator may have reset the user's password and explicitly marked it to be changed by the user on their next login.
Account Flagged for Password Change
The user account's internal status in MariaDB is explicitly set to require a password change before any other operations can proceed.
Solutions
3 solutions available1. Immediate Password Reset for Current User easy
Resets the password for the user currently logged in, fulfilling the mandatory change requirement.
1
Connect to your MariaDB server as the user experiencing the error. You will likely be prompted for the current password.
2
Once connected, immediately set a new password. Replace 'your_new_password' with your desired strong password.
SET PASSWORD = PASSWORD('your_new_password');3
Verify the password change by attempting to execute another statement, such as showing databases.
SHOW DATABASES;2. Admin Resetting Another User's Password medium
Allows a privileged user (like root) to force a password change for another user.
1
Connect to your MariaDB server as a user with sufficient privileges (e.g., root).
2
Use the `ALTER USER` statement to set a new password for the target user. Replace 'username' with the actual username and 'your_new_password' with the desired new password.
ALTER USER 'username'@'localhost' IDENTIFIED BY 'your_new_password';3
Alternatively, if the user has a password set but needs to be forced to change it on next login, use `ALTER USER` with `PASSWORD EXPIRE`.
ALTER USER 'username'@'localhost' PASSWORD EXPIRE;4
The user will then be prompted to set a new password upon their next successful login.
3. Disabling Mandatory Password Change (for testing or specific scenarios) advanced
Temporarily or permanently disables the requirement for users to change passwords on their first login.
1
Connect to your MariaDB server as a privileged user (e.g., root).
2
To disable the mandatory change for a specific user, use the `ALTER USER` statement to remove the `PASSWORD EXPIRE` clause.
ALTER USER 'username'@'localhost' NOT IDENTIFIED BY 'current_password';
-- If the user was previously forced to change password, you might need to reset it first if it was expired.3
To disable this globally for all new users, you can modify the `default_password_lifetime` system variable. Set it to 0 to disable expiration.
SET GLOBAL default_password_lifetime = 0;4
For the change to persist across server restarts, you'll need to update your MariaDB configuration file (e.g., `my.cnf` or `mariadb.conf.d/50-server.cnf`) and add or modify the following line under the `[mysqld]` section:
[mysqld]
default_password_lifetime = 05
After modifying the configuration file, restart the MariaDB service for the changes to take effect.
sudo systemctl restart mariadb