Each account name uses the format described in
Section 6.2.3, “Specifying Account Names”. If you specify only the user
name part of the account name, a host name part of
'%' is used. It is also possible to specify
CURRENT_USER() to refer to the
account associated with the current session.
For each account,
expires its password. For example:
ALTER USER 'jeffrey'@'localhost' PASSWORD EXPIRE;
Password expiration for an account affects the corresponding row
mysql.user table: The server sets the
password_expired column to
A client session operates in restricted mode if the account password has been expired. In restricted mode, operations performed within the session result in an error until the user establishes a new account password:
SELECT 1;ERROR 1820 (HY000): You must SET PASSWORD before executing this statement mysql>
SET PASSWORD = PASSWORD('Query OK, 0 rows affected (0.01 sec) mysql>
SELECT 1;+---+ | 1 | +---+ | 1 | +---+ 1 row in set (0.00 sec)
As of MySQL 5.6.8, this restricted mode of operation permits
statements, which is useful if the account password has a
hashing format that requires
old_passwords to be set to a
value different from its default before using
It is possible for an administrative user to reset the account password, but any existing sessions for the account remain restricted. A client using the account must disconnect and reconnect before statements can be executed successfully.
It is possible to “reset” a password by setting it to its current value. As a matter of good policy, it is preferable to choose a different password.