Chapter 13 SQL Statements

13.7.1.10 SET PASSWORD Statement语句

SET PASSWORD [FOR user] auth_option
    [REPLACE 'current_auth_string']
    [RETAIN CURRENT PASSWORD]
auth_option: {
    = 'auth_string'
  | TO RANDOM
}

~~The SET PASSWORD statement assigns a password to a MySQL user account.~~ SET PASSWORD语句为MySQL用户帐户分配密码。~~The password may be either explicitly specified in the statement or randomly generated by MySQL.~~ 密码可以在语句中显式指定，也可以由MySQL随机生成。~~The statement may also include a password-verification clause that specifies the account current password to be replaced, and a clause that manages whether an account has a secondary password.~~ 该语句还可能包括一个密码验证子句，指定要替换的帐户当前密码，以及一个管理帐户是否具有辅助密码的子句。~~'auth_string' and 'current_auth_string' each represent a cleartext (unencrypted) password.~~'auth_string'和'current_auth_string'分别代表一个明文（未加密）密码。

~~Note~~注意

~~Rather than using SET PASSWORD to assign passwords, ALTER USER is the preferred statement for account alterations, including assigning passwords.~~ 与使用SET PASSWORD分配密码不同，ALTER USER是帐户更改（包括分配密码）的首选语句。~~For example:~~例如：

ALTER USER user IDENTIFIED BY 'auth_string';

~~Note~~注意

~~Clauses for random password generation, password verification, and secondary passwords apply only to accounts that use an authentication plugin that stores credentials internally to MySQL.~~ 用于随机密码生成、密码验证和辅助密码的条款仅适用于使用在MySQL内部存储凭据的身份验证插件的帐户。~~For accounts that use a plugin that performs authentication against a credentials system that is external to MySQL, password management must be handled externally against that system as well.~~ 对于使用插件对MySQL外部的凭据系统执行身份验证的帐户，密码管理也必须针对该系统进行外部处理。~~For more information about internal credentials storage, see Section 6.2.15, “Password Management”.~~有关内部凭证存储的更多信息，请参阅第6.2.15节，“密码管理”。

~~The REPLACE 'current_auth_string' clause performs password verification and is available as of MySQL 8.0.13. If given:~~REPLACE 'current_auth_string'子句执行密码验证，从MySQL 8.0.13开始提供。如果给出：

~~REPLACE specifies the account current password to be replaced, as a cleartext (unencrypted) string.~~REPLACE以明文（未加密）字符串的形式指定要替换的帐户当前密码。
The clause must be given if password changes for the account are required to specify the current password, as verification that the user attempting to make the change actually knows the current password.如果需要更改帐户密码以指定当前密码，则必须给出该子句，以验证试图进行更改的用户是否确实知道当前密码。
~~The clause is optional if password changes for the account may but need not specify the current password.~~如果帐户的密码更改可能但不需要指定当前密码，则该子句是可选的。
~~The statement fails if the clause is given but does not match the current password, even if the clause is optional.~~如果给定的子句与当前密码不匹配，则语句失败，即使该子句是可选的。
~~REPLACE can be specified only when changing the account password for the current user.~~只有在更改当前用户的帐户密码时，才能指定REPLACE。

~~For more information about password verification by specifying the current password, see Section 6.2.15, “Password Management”.~~有关通过指定当前密码进行密码验证的更多信息，请参阅第6.2.15节，“密码管理”。

~~The RETAIN CURRENT PASSWORD clause implements dual-password capability and is available as of MySQL 8.0.14.~~ RETAIN CURRENT PASSWORD子句实现了双密码功能，从MySQL 8.0.14开始提供。~~If given:~~如果给出：

~~RETAIN CURRENT PASSWORD retains an account current password as its secondary password, replacing any existing secondary password.~~ RETAIN CURRENT PASSWORD保留帐户当前密码作为其辅助密码，替换任何现有辅助密码。~~The new password becomes the primary password, but clients can use the account to connect to the server using either the primary or secondary password.~~ 新密码将成为主密码，但客户端可以使用该帐户使用主密码或辅助密码连接到服务器。~~(Exception: If the new password specified by the SET PASSWORD statement is empty, the secondary password becomes empty as well, even if RETAIN CURRENT PASSWORD is given.)~~（例外：如果SET PASSWORD语句指定的新密码为空，则辅助密码也将变为空，即使给定了RETAIN CURRENT PASSWORD。）
~~If you specify RETAIN CURRENT PASSWORD for an account that has an empty primary password, the statement fails.~~如果为主密码为空的帐户指定RETAIN CURRENT PASSWORD，则该语句将失败。
~~If an account has a secondary password and you change its primary password without specifying RETAIN CURRENT PASSWORD, the secondary password remains unchanged.~~如果一个帐户有一个辅助密码，而您在不指定RETAIN CURRENT PASSWORD的情况下更改了其主密码，则辅助密码将保持不变。

~~For more information about use of dual passwords, see Section 6.2.15, “Password Management”.~~有关使用双重密码的更多信息，请参阅第6.2.15节，“密码管理”。

SET PASSWORD ~~permits these auth_option syntaxes:~~允许以下auth_option语法：

= 'auth_string'

~~Assigns the account the given literal password.~~为帐户分配给定的文字密码。
TO RANDOM

~~Assigns the account a password randomly generated by MySQL.~~ 为帐户分配MySQL随机生成的密码。~~The statement also returns the cleartext password in a result set to make it available to the user or application executing the statement.~~该语句还将在结果集中返回明文密码，以使执行该语句的用户或应用程序可以使用该密码。

~~For details about the result set and characteristics of randomly generated passwords, see Random Password Generation.~~有关随机生成密码的结果集和特征的详细信息，请参阅随机密码生成。

~~Random password generation is available as of MySQL 8.0.18.~~从MySQL 8.0.18开始，可以随机生成密码。

~~Important~~重要

Under some circumstances, SET PASSWORD may be recorded in server logs or on the client side in a history file such as ~/.mysql_history, which means that cleartext passwords may be read by anyone having read access to that information. 在某些情况下，SET PASSWORD可能会记录在服务器日志中，或者记录在客户端的历史文件中，例如~/.mysql_history，这意味着任何有权读取该信息的人都可以读取明文密码。~~For information about the conditions under which this occurs for the server logs and how to control it, see Section 6.1.2.3, “Passwords and Logging”.~~ 有关服务器日志发生这种情况的条件以及如何控制它的信息，请参阅第6.1.2.3节，“密码和日志”。~~For similar information about client-side logging, see Section 4.5.1.3, “mysql Client Logging”.~~有关客户端日志记录的类似信息，请参阅第4.5.1.3节，“mysql客户端日志记录”。

SET PASSWORD ~~can be used with or without a FOR clause that explicitly names a user account:~~可以使用FOR子句，也可以不使用FOR子句来显式命名用户帐户：

~~With a FOR user clause, the statement sets the password for the named account, which must exist:~~使用FOR user子句，该语句为指定帐户设置密码，该帐户必须存在：
```
SET PASSWORD FOR 'jeffrey'@'localhost' = 'auth_string';
```
~~With no FOR user clause, the statement sets the password for the current user:~~不使用FOR user子句，该语句将为当前用户设置密码：
```
SET PASSWORD = 'auth_string';
```
~~Any client who connects to the server using a nonanonymous account can change the password for that account.~~ 任何使用非匿名帐户连接到服务器的客户端都可以更改该帐户的密码。~~(In particular, you can change your own password.)~~ （尤其是，您可以更改自己的密码。）~~To see which account the server authenticated you as, invoke the CURRENT_USER() function:~~要查看服务器将您验证为哪个帐户，请调用CURRENT_USER()函数：
```
SELECT CURRENT_USER();
```

~~If a FOR user clause is given, the account name uses the format described in Section 6.2.4, “Specifying Account Names”.~~ 如果给出了FOR user子句，则账户名称使用第6.2.4节，“指定账户名称”中描述的格式。~~For example:~~例如：

SET PASSWORD FOR 'bob'@'%.example.org' = 'auth_string';

~~The host name part of the account name, if omitted, defaults to '%'.~~帐户名的主机名部分（如果省略）默认为'%'。

SET PASSWORD interprets the string as a cleartext string, passes it to the authentication plugin associated with the account, and stores the result returned by the plugin in the account row in the mysql.user system table. 将字符串解释为明文字符串，将其传递给与帐户关联的身份验证插件，并将插件返回的结果存储在mysql.user系统表的帐户行中。~~(The plugin is given the opportunity to hash the value into the encryption format it expects. The plugin may use the value as specified, in which case no hashing occurs.)~~（插件有机会将值散列到它期望的加密格式中。插件可以使用指定的值，在这种情况下不会发生散列。）

~~Setting the password for a named account (with a FOR clause) requires the UPDATE privilege for the mysql system schema.~~ 为命名帐户（带有FOR子句）设置密码需要mysql系统架构的UPDATE权限。~~Setting the password for yourself (for a nonanonymous account with no FOR clause) requires no special privileges.~~为自己设置密码（对于没有FOR子句的非匿名帐户）不需要特殊权限。

~~Statements that modify secondary passwords require these privileges:~~修改辅助密码的语句需要以下权限：

~~The APPLICATION_PASSWORD_ADMIN privilege is required to use the RETAIN CURRENT PASSWORD clause for SET PASSWORD statements that apply to your own account.~~ 对于应用于您自己帐户的SET PASSWORD语句，使用RETAIN CURRENT PASSWORD子句需要APPLICATION_PASSWORD_ADMIN权限。~~The privilege is required to manipulate your own secondary password because most users require only one password.~~由于大多数用户只需要一个密码，因此需要该权限来操作自己的辅助密码。
~~If an account is to be permitted to manipulate secondary passwords for all accounts, it should be granted the CREATE USER privilege rather than APPLICATION_PASSWORD_ADMIN.~~如果允许一个帐户操作所有帐户的辅助密码，则应授予该帐户CREATE USER权限，而不是APPLICATION_PASSWORD_ADMIN权限。

~~When the read_only system variable is enabled, SET PASSWORD requires the CONNECTION_ADMIN privilege (or the deprecated SUPER privilege), in addition to any other required privileges.~~启用read_only系统变量时，除了任何其他必需的权限外，SET PASSWORD还需要CONNECTION_ADMIN权限（或不推荐使用的SUPER权限）。

~~For additional information about setting passwords and authentication plugins, see Section 6.2.14, “Assigning Account Passwords”, and Section 6.2.17, “Pluggable Authentication”.~~有关设置密码和身份验证插件的更多信息，请参阅第6.2.14节，“分配帐户密码”和第6.2.17节，“可插入身份验证”。