External gateway database silent install creating mysql user and reusing user password, Could not create database. An exception occurred, cannot use these credentials for 'user_id@%' because they contradict the password history policy
search cancel

External gateway database silent install creating mysql user and reusing user password, Could not create database. An exception occurred, cannot use these credentials for 'user_id@%' because they contradict the password history policy

book

Article ID: 408192

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

We are using software install, and automating installation with the silent install process.  We are in the process of enabling a MySQL password reuse history.  When we run the silent install it fails with this message:

Could not create database. An exception occurred: Cannot use these credentials for 'user_id@%' because they contradict the password history policy

we randomly generate a new password for each run, and have verified that the passwords do not match.

We are trying to understand what sql calls are happening for the user creation during silent install, and how it may be violating the password history policy.

Environment

ssg 11.x

Cause

MySql ALTER USER IF EXISTS command creates a row in the password_history with the user id and password in the ALTER USER IF EXISTS sql statement. 

mysql> ALTER USER IF EXISTS 'xxx'@'%' IDENTIFIED BY '1234' ;
Query OK, 0 rows affected, 1 warning (0.02 sec)
mysql> select * from mysql.password_history ;
+------+--------+----------------------------------------+------------------------------------------------------------------------------------------------------------------+
| Host | User | Password_timestamp              | Password                                                                                                                         |
+------+--------+----------------------------------------+------------------------------------------------------------------------------------------------------------------+
| %    | xxx     | 2025-08-13 13:37:41.302334 | $A$005$^Q!AdvgP{mvLkjwKifgOZW65MbbrvXPdnxBrYdR6XYPmQQequsSSZ9Mnt1 |
+------+--------+----------------------------------------+------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

So if global variable password_hsitory not equals 0, the next CREATE USER IF NOT EXIST or CREATE USER sql statement with the same password will cause the error: 

"Contradict the password history policy".

Resolution

Set password_history to 0 before run 

ALTER USER IF EXISTS and CREATE USER or CREATE USER IF NOT EXIST sql statements.  

set password_history to the value as before. 

or use the sql statement with password_history 0 clause: 

CREATE USER IF NOT EXISTS 'xyz'@'%' IDENTIFIED BY '1234' password history 0 ;

 

Powered by Wolken Software