You can log in without password through the shell terminal mysql -uroot, but log in with Navicat for mariadb error:1698 - Access denied for user 'root'@'localhost'
Server version: 10.1.38-MariaDB-0+deb9u1 Debian 9.8
MariaDB [mysql]> select user,host,plugin from user where user='root'\G;
*************************** 1. row ***************************
user: root
host: %
plugin: unix_socket
1 row in set (0.00 sec)
You can see that root only allows local unix socket logins.
About unix_socket introduction:
The unix_socket authentication plugin allows the user to use operating system credentials when connecting to MariaDB via the local Unix socket file. This Unix socket file is defined by the socket system variable.
The unix_socket authentication plugin works by calling the getsockopt system call with the SO_PEERCRED socket option, which allows it to retrieve the uid of the process that is connected to the socket. It is then able to get the user name associated with that uid. Once it has the user name, it will authenticate the connecting user as the MariaDB account that has the same user name.
From : https://mariadb.com/kb/en/authentication-plugin-unix-socket/
To solve this problem, we can modify the plugin field in the row of the root user in the mysql.user table to be empty. After the modification, root login from the shell terminal also requires a password. In order to avoid the trouble of forgetting the root password, I chose to create a new database user.
# myql -uroot
MariaDB [(none)]> use mysql;
Database changed
MariaDB [mysql]> create user 'sure'@'%' identified by '1234567'
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> select user,host,plugin from user;
+------+------+-------------+
| user | host | plugin |
+------+------+-------------+
| root | % | unix_socket |
| sure | % | |
+------+------+-------------+
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
As you can see, the plugin field value of the newly created user sure is empty by default, and the problem is solved here.
When the plugin column is empty, MariaDB defaults to authenticating accounts with either the mysql_native_password or the mysql_old_password plugins. It decides which based on the hash used in the value for the Password column. When there’s no password set or when the 4.1 password hash is used, (which is 41 characters long), MariaDB uses the mysql_native_password plugin. The mysql_old_password plugin is used with pre-4.1 password hashes, (which are 16 characters long).
From: https://mariadb.com/kb/en/mysqluser-table/#authentication-plugin
Generally speaking, when the plugin field is empty, the default password-based login method will be used by default.
The meaning of the fields in the mysql.user table: https://mariadb.com/kb/en/mysqluser-table/
mariadb updates user password : https://www.techonthenet.com/mariadb/change_password.php