github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/pkg/sql/pgwire/testdata/auth/password_change (about) 1 # These tests verify that changing a user's password also causes 2 # further authentications to take the new password into account. 3 4 config secure 5 ---- 6 7 subtest regular_user 8 9 sql 10 CREATE USER userpw WITH PASSWORD 'pass' 11 ---- 12 ok 13 14 # sanity check: without a password, auth is denied. 15 connect user=userpw 16 ---- 17 ERROR: password authentication failed for user userpw 18 19 # with the proper pass, auth succeeds. 20 connect user=userpw password=pass 21 ---- 22 ok defaultdb 23 24 # Changing the password causes the previous password to fail 25 # and the new one to succeed. 26 27 sql 28 ALTER USER userpw WITH PASSWORD 'pass2' 29 ---- 30 ok 31 32 connect user=userpw password=pass 33 ---- 34 ERROR: password authentication failed for user userpw 35 36 connect user=userpw password=pass2 37 ---- 38 ok defaultdb 39 40 41 # Erasing the password forces cert authentication. 42 43 sql 44 ALTER USER userpw WITH PASSWORD NULL 45 ---- 46 ok 47 48 connect user=userpw password=pass2 49 ---- 50 ERROR: password authentication failed for user userpw 51 52 connect user=userpw 53 ---- 54 ERROR: password authentication failed for user userpw 55 56 subtest end 57 58 subtest root_pw 59 60 # By default root cannot log in with a password. 61 connect user=root sslmode=require sslcert= sslkey= 62 ---- 63 ERROR: password authentication failed for user root 64 65 connect_unix user=root 66 ---- 67 ERROR: password authentication failed for user root 68 69 70 # However if we give them a password, they can log in with password. 71 sql 72 ALTER USER root WITH PASSWORD 'secureabc' 73 ---- 74 ok 75 76 # Then they can log in. 77 connect user=root password=secureabc sslmode=require sslcert= sslkey= 78 ---- 79 ok defaultdb 80 81 connect_unix user=root password=secureabc 82 ---- 83 ok defaultdb 84 85 subtest end