MySQL Error 3894: Password Retention on Plugin Change

Description

This error indicates that MySQL cannot retain a user's current password when their authentication plugin is being changed. When switching authentication plugins (e.g., from `mysql_native_password` to `caching_sha2_password`), MySQL requires a new password to be set or explicitly reset, as the old password's hash is incompatible with the new plugin's hashing algorithm.

Error Message

Current password can not be retained for user '%s'@'%s' because authentication plugin is being changed.

Known Causes

Attempting to Retain Password During Plugin Change
A command (e.g., `ALTER USER`) tried to modify a user's authentication plugin while simultaneously attempting to keep the existing password, which is an unsupported operation.

Implicit Password Retention by Tool/Script
A client application or script implicitly tried to retain the user's password when executing an `ALTER USER` statement that also changed the authentication plugin.

Misunderstanding of ALTER USER Syntax
The `ALTER USER` statement was incorrectly constructed to change both the authentication plugin and specify the old password, creating a conflict.

Solutions

1. Re-authenticate with New Plugin (easy)

The user needs to explicitly re-authenticate after the plugin change.

1. Log out of the MySQL client.
2. Log back in, providing the password. MySQL will prompt for the password if not explicitly provided.
    mysql -u your_user -h your_host -p
3. When prompted, enter the user's current password. This will implicitly associate the password with the new authentication plugin.

2. Explicitly Set Password with New Plugin (medium)

Forcefully set the user's password, which will automatically use the new authentication plugin.

1. Connect to the MySQL server as a user with sufficient privileges (e.g., root).
    mysql -u root -p
2. Execute the `ALTER USER` statement, specifying the new authentication plugin and the user's password. Replace `your_user`, `your_host`, `your_new_plugin`, and `your_password` with appropriate values.
    ALTER USER 'your_user'@'your_host' IDENTIFIED WITH 'your_new_plugin' BY 'your_password';
3. If you only want to change the plugin without changing the password, you can omit the `BY 'your_password'` clause, but this might not always resolve the retention issue directly. It's generally safer to re-set the password to ensure proper association.
    ALTER USER 'your_user'@'your_host' IDENTIFIED WITH 'your_new_plugin';
4. Flush privileges to ensure the changes are applied immediately.
    FLUSH PRIVILEGES;
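
The failing and working forms of the statement, followed by checks on the stored credential, as an added example that is not from the original page. It assumes MySQL 8.0.14 or later (where `RETAIN CURRENT PASSWORD` exists), an existing account `'app_user'@'localhost'` (a constructed name) that currently uses `mysql_native_password`, and placeholder passwords.

```sql
-- Added example. Account name and passwords are constructed placeholders.
-- Run the statements one at a time: statement 1 is expected to fail.

-- 1. Fails with error 3894: the plugin changes in the same statement that
--    asks the server to keep the current password as a secondary password.
ALTER USER 'app_user'@'localhost'
  IDENTIFIED WITH caching_sha2_password BY 'New-Placeholder-Pw1!'
  RETAIN CURRENT PASSWORD;

-- 2. Works: change the plugin and set the password, with no retention clause.
ALTER USER 'app_user'@'localhost'
  IDENTIFIED WITH caching_sha2_password BY 'New-Placeholder-Pw1!';

-- 3. Verify this account: the plugin is the new one, the credential is
--    not empty, and no secondary password remains.
SELECT user, host, plugin,
       authentication_string = '' AS empty_credential,
       JSON_EXTRACT(User_attributes, '$.additional_password') IS NOT NULL
         AS has_secondary_password
FROM mysql.user
WHERE user = 'app_user' AND host = 'localhost';

-- 4. Audit: unlocked accounts with an empty credential. A plugin change
--    without a BY clause leaves the account in this state. Plugins that
--    store no credential (for example auth_socket) also appear here.
SELECT user, host, plugin
FROM mysql.user
WHERE authentication_string = '' AND account_locked = 'N';

-- 5. Later rotations that keep the plugin unchanged can retain the old
--    password during rollout, then discard it once clients have switched.
ALTER USER 'app_user'@'localhost'
  IDENTIFIED BY 'Next-Placeholder-Pw2!' RETAIN CURRENT PASSWORD;
ALTER USER 'app_user'@'localhost' DISCARD OLD PASSWORD;
```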

3. Drop and Recreate User with New Plugin (advanced)

A more drastic but guaranteed solution is to remove and re-add the user with the desired plugin.

1. Connect to the MySQL server as a user with sufficient privileges (e.g., root).
    mysql -u root -p
2. Note the user's existing grants to reapply them later.
    SHOW GRANTS FOR 'your_user'@'your_host';
3. Drop the existing user.
    DROP USER 'your_user'@'your_host';
4. Recreate the user with the desired authentication plugin and password. Replace `your_user`, `your_host`, `your_new_plugin`, and `your_password`.
    CREATE USER 'your_user'@'your_host' IDENTIFIED WITH 'your_new_plugin' BY 'your_password';
5. Reapply the grants that were noted in step 2. Adapt the grant statements as needed.
    GRANT SELECT, INSERT ON your_database.* TO 'your_user'@'your_host';
6. Flush privileges.
    FLUSH PRIVILEGES;