We've recently upgraded from MySQL Percona 5.7 to 8 and we're in the phase of transitioning from mysql_native_password to caching_sha2_password.
As far as I understand, the only way to upgrade the Plugin is with the below query, and if no password is supplied, an empty one will.
mysql> ALTER USER 'user'@'host' IDENTIFIED WITH caching_sha2_password BY 'password';
The two questions I have are the following.
However prior any changes, is the debian-sys-maint still relevant in Stretch - MySQL 8 ? What would it imply to remove that account ? Considering that root has replaced it over the years, and on a fresh new install on another Stretch, it doesn't exist anymore.
Similar situation with the mysql.session that didn't migrate to caching_sha2_password during the upgrade, would it be fine to change his plugin without setting any password ?
+-----------+---------------+-----------------------+-------------------------------------------+
| Host | User | plugin | authentication_string |
+-----------+---------------+-----------------------+-------------------------------------------+
| localhost | mysql.session | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-----------------------+-------------------------------------------+
So long as the root MySQL account uses
unix_authauthentication plugin (so no password required for root user to log into MySQL) then you should be fine to remove thedebian-sys-maintuser.Note that as of Debian 9/Stretch by default, it no longer exists of you install MariaDB from the default repos.
If you don't have
unix_authauthentication enabled for the root user, it may still work ok, although some automated functionality may no longer work.