How to disable Synology MariaDB password policy

 

With release 10.3.21 Synology added an annoying password policy plugin that loads with Maria DB.

If you'd like to change your complex password back to something for example without upper case characters, do the following:

1. Stop Maria DB service

Either via Package Center or via command line: synoservice --stop pkgctl-MariaDB10

2. Edit /var/packages/MariaDB10/target/usr/local/mariadb10/etc/mysql/my.cnf

Comment out (add # sign) for:

#synology_password_check = FORCE_PLUS_PERMANENT
#plugin_load_add = synology_password_check

The first line tells mysql that the plugin named synology_password_check must not be uninstalled.
The second line actually loads the plugin on sql startup.

3. Start Maria DB service

Either via Package Center or via command line: synoservice --start pkgctl-MariaDB10

3. Run the following commands:

cd /var/packages/MariaDB10/target/usr/local/mariadb10/bin
./mysql -h localhost -p
--> ENTER THE PASSWORD YOU PROVIDED WHEN YOU INSTALLED MARIA DB
use mysql;
update user SET PASSWORD=PASSWORD("YOUR_ROOT_PASSWORD_HERE") WHERE USER='root';
flush privileges;
set password = password("YOUR_ADMIN_PASSWORD_HERE");
exit;

4. Allow root access from other hosts / or local private IP:

cd /var/packages/MariaDB10/target/usr/local/mariadb10/bin
./mysql -h localhost -p
 --> ENTER THE PASSWORD YOU PROVIDED WHEN YOU INSTALLED MARIA DB
use mysql;
show grants for root@localhost;
The output contains a line saying "GRANT ALL....". Copy and paste, and replace localhost with the desired ip. Then run this command. For example:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.0.4' IDENTIFIED BY PASSWORD '*FGR4573JKHRDH567CGHJ3E671E40' WITH GRANT OPTION;
flush privileges;
exit;

5. Let the sql server listen on TCP port 3307

By the default TCP is disabled. You can enable this via package center (open Maria DB and tick the check box) or edit this file:

/var/packages/MariaDB10/etc/synology.cnf

Change:

skip_networking=1

to:

skip_networking=0