diff --git a/docs/en/docs/admin-manual/privilege-ldap/user-privilege.md b/docs/en/docs/admin-manual/privilege-ldap/user-privilege.md
index 6409d792b5..2e5d4bc82f 100644
--- a/docs/en/docs/admin-manual/privilege-ldap/user-privilege.md
+++ b/docs/en/docs/admin-manual/privilege-ldap/user-privilege.md
@@ -236,9 +236,9 @@ ADMIN_PRIV and GRANT_PRIV have the authority of **"grant authority"** at the sam
 5. Forget passwords
- If you forget your password and cannot log in to Doris, you can log in to Doris without a password using the following command on the machine where the Doris FE node is located:
+ If you forget your password and cannot log in to Doris, you can add `skip_localhost_auth_check` in fe config so that logging to Doris without a password in localhost.
- `mysql-client -h 127.0.0.1 -P query_port -uroot`
+ `skip_localhost_auth_check = true`
 After login, the password can be reset through the SET PASSWORD command.
diff --git a/docs/zh-CN/docs/admin-manual/privilege-ldap/user-privilege.md b/docs/zh-CN/docs/admin-manual/privilege-ldap/user-privilege.md
index 67d18654fc..b6b01a9e25 100644
--- a/docs/zh-CN/docs/admin-manual/privilege-ldap/user-privilege.md
+++ b/docs/zh-CN/docs/admin-manual/privilege-ldap/user-privilege.md
@@ -228,9 +228,9 @@ ADMIN_PRIV 和 GRANT_PRIV 权限同时拥有**授予权限**的权限,较为
 5. 忘记密码
- 如果忘记了密码无法登陆 Doris,可以在 Doris FE 节点所在机器,使用如下命令无密码登陆 Doris:
+ 如果忘记了密码无法登陆 Doris,可以在 FE 的 config 文件中添加 `skip_localhost_auth_check` 参数,从而无密码在本机登陆 Doris:
- `mysql-client -h 127.0.0.1 -P query_port -uroot`
+ `skip_localhost_auth_check = true`
 登陆后,可以通过 SET PASSWORD 命令重置密码。
diff --git a/docs/zh-CN/docs/get-starting/get-starting.md b/docs/zh-CN/docs/get-starting/get-starting.md
index ad4de7f5c5..a771d4062d 100644
--- a/docs/zh-CN/docs/get-starting/get-starting.md
+++ b/docs/zh-CN/docs/get-starting/get-starting.md
@@ -128,7 +128,7 @@ mysql -uroot -P9030 -h127.0.0.1
 >
 >1. 这里使用的 root 用户是 doris 内置的默认用户,也是超级管理员用户,具体的用户权限查看 [权限管理](../admin-manual/privilege-ldap/user-privilege.md)
 >2. -P :这里是我们连接 Doris 的查询端口,默认端口是 9030,对应的是fe.conf里的 `query_port`
->3. -h : 这里是我们连接的 FE IP地址,如果你的客户端和 FE 安装在同一个节点可以使用127.0.0.1,这种也是 Doris 提供的如果你忘记 root 密码,可以通过这种方式不需要密码直接连接登录,进行对 root 密码进行重置
+>3. -h : 这里是我们连接的 FE IP地址,如果你的客户端和 FE 安装在同一个节点可以使用127.0.0.1。
 执行下面的命令查看 FE 运行状态
diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
index 7ecab22d8f..1f4bae9ad0 100644
--- a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
+++ b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
@@ -2135,5 +2135,12 @@ public class Config extends ConfigBase {
 */
 @ConfField(mutable = true)
 public static boolean infodb_support_ext_catalog = false;
+
+ /**
+ * If true, auth check will be disabled. The default value is false.
+ * This is to solve the case that user forgot the password.
+ */
+ @ConfField(mutable = true)
+ public static boolean skip_localhost_auth_check = false;
 }
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
index c32ad9d32c..c5ea83e483 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
@@ -38,6 +38,7 @@ import org.apache.doris.cluster.ClusterNamespace;
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.AuthenticationException;
 import org.apache.doris.common.AuthorizationException;
+import org.apache.doris.common.Config;
 import org.apache.doris.common.DdlException;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
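Review bot: In the Config.java hunk, the Javadoc on `skip_localhost_auth_check` says "auth check will be disabled", but the only use in this commit (Auth.checkPassword) skips the password check for root and admin connecting from 127.0.0.1, so the comment overstates the scope and omits the conditions an operator needs to know. I would reword it along the lines of `If true, root and admin can log in from 127.0.0.1 without a password. For password recovery only; set back to false once the password is reset.` The field is also declared `@ConfField(mutable = true)`; if that makes it changeable at runtime, as the annotation name suggests, any session that already has admin rights can switch on passwordless root login without touching fe.conf, while a locked-out user cannot use the runtime path anyway. Dropping `mutable = true`, so the flag can only be set in fe.conf followed by an FE restart, would fit the recovery purpose better.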
@@ -170,8 +171,9 @@ public class Auth implements Writable { */ public void checkPassword(String remoteUser, String remoteHost, byte[] remotePasswd, byte[] randomString, List currentUser) throws AuthenticationException { - if ((remoteUser.equals(ROOT_USER) || remoteUser.equals(ADMIN_USER)) && remoteHost.equals("127.0.0.1")) { - // root and admin user is allowed to login from 127.0.0.1, in case user forget password. + if ((ROOT_USER.equals(remoteUser) || ADMIN_USER.equals(remoteUser)) && Config.skip_localhost_auth_check + && "127.0.0.1".equals(remoteHost)) { + // in case user forget password. if (remoteUser.equals(ROOT_USER)) { currentUser.add(UserIdentity.ROOT); } else {
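Review bot: The bypass branch in checkPassword assigns the root or admin identity without a password check and, in the lines visible here, without writing a log entry, so a login that used `skip_localhost_auth_check` cannot be told apart from a normal one afterwards. A warning at the top of the branch would make it auditable, for example `LOG.warn("password check skipped for {} from 127.0.0.1: skip_localhost_auth_check is on", remoteUser);` (assuming the class has a logger; none is visible in the hunk). The test `"127.0.0.1".equals(remoteHost)` trusts the peer address as the FE sees it, so while the flag is on, connections relayed through a proxy or tunnel that terminates on the FE host would presumably qualify as well; the comment, which now reads only `// in case user forget password.`, should say so. The method body continues beyond the hunk.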