Root can not change the password, is a BUG?

In the NO SSL environment, root can not change the password. Hope that the official solution out.

Because many scenes, do not need SSL encryption, not a must

Hey @hiller1! A few things about security with CockroachDB:

  • We recommend using SSL certificates for everything besides local tests. We’ve tried to make this as easy as possible by including a full set of CA/SSL tools in the cockroach binary itself. For help with that, see Create Security Certificates
  • Insecure clusters do not support password authentication, so even if you created another user, you would still not limit access to your cluster with a password. (You can still set passwords on insecure clusters, they’re just not used at all).
  • As you noticed, you cannot change the root user’s password. That’s by design and not a bug––the idea being that your root user should have the tightest security possible and passwords provide weaker security than SSL certificates.

If you have any other questions, let me know!

-Sean

1 Like