<p>MySQL raises error 1699 when SET PASSWORD is executed for an account that authenticates through a non-password plugin such as auth_socket.</p>
<p>MySQL Error 1699: ER_SET_PASSWORD_AUTH_PLUGIN appears when SET PASSWORD targets a user that logs in through an authentication plugin instead of a stored password. Skip the command or switch the account to mysql_native_password to resolve the issue.</p>
SET PASSWORD has no significance for users authenticating
MySQL throws error 1699 (SQLSTATE HY000) with message "SET PASSWORD has no significance for users authenticating via plugins" when the SET PASSWORD statement targets an account that logs in through an authentication plugin that does not rely on a stored password, for example auth_socket or ldap_auth.
The server refuses the password change because the plugin, not the mysql.user password field, validates the login. As a result, altering the password would have no effect, so MySQL blocks the request and raises the error instead of silently ignoring it.
The error is triggered whenever SET PASSWORD references a user account whose plugin column is set to a mechanism that bypasses the mysql_native_password or caching_sha2_password schemes. Common examples include unix_socket, auth_socket, AWSAuthenticationPlugin, and PAM based plugins.
It can also appear inside GUI tools or automation scripts that attempt to rotate passwords in bulk without first checking the authentication_plugin value for each account. Upgrading from earlier MySQL versions, where accounts inherited plugins, may reveal the issue during password resets.
Choose whether you want the account to keep plugin based authentication or switch back to a password based plugin. If plugin authentication is desired, simply skip the SET PASSWORD command. If a password is required, alter the account to mysql_native_password or caching_sha2_password and then set a password.
After migrating the plugin, run ALTER USER or SET PASSWORD again. Ensure that the account has sufficient privileges and that the change is executed on the correct host pattern ('user'@'host').
System administrators often hit the error when resetting the root account on Ubuntu, where root authenticates with auth_socket. The fix is to switch root to mysql_native_password before changing the password.
CI pipelines that rotate passwords for all service accounts may fail if one service relies on a plugin such as AWS IAM. Add a filter step to skip plugin accounts or manage their credentials with the plugin specific tools instead of SET PASSWORD.
Audit the mysql.user table regularly and record the authentication_plugin for every account. Label plugin accounts clearly and exclude them from automated password rotations.
For new users, decide on the authentication mechanism at creation time: use CREATE USER ... IDENTIFIED WITH to make the choice explicit. Maintain separate playbooks for password and plugin credential management to prevent accidental misuse of SET PASSWORD.
Error 1698 (Access denied for user 'root'@'localhost'): appears when the socket plugin prevents password login. Switch plugins or use sudo mysql to connect.
Error 1819 (Your password does not satisfy the current policy requirements): occurs during password changes that violate validate_password rules. Provide a stronger password or relax the policy.
Accounts mapped to the operating system user via auth_socket ignore MySQL stored passwords. Running SET PASSWORD against such accounts triggers error 1699 immediately.
Automation that calls SET PASSWORD for every account without verifying authentication_plugin will fail on any plugin based account, halting the entire rotation process.
After upgrading MySQL, some accounts may inherit third party plugins like AWSAuthenticationPlugin. Attempts to reset their password using legacy scripts raise error 1699.
Occurs when logging in with a password for an auth_socket account. Fix by changing plugin or connecting through the socket mechanism.
Raised when the new password violates validate_password or component_password_validate policies. Provide a stronger password or adjust the policy variables.
Appears when you attempt to create an account that already exists. Use IF NOT EXISTS or DROP USER before creation.
If the account truly authenticates only through a plugin, you can safely ignore the error and remove the SET PASSWORD statement.
No. ALTER USER with IDENTIFIED WITH allows you to change both the plugin and the password in one command, avoiding error 1699.
Yes. Switching plugins forces the client to reconnect using the new authentication method. Plan for a brief outage or perform the change during maintenance windows.
Galaxy flags failed statements in real time and highlights accounts using non password plugins, so engineers can adjust their scripts before running them.
.avif)
.avif){kind=logo}
