[Bug]: Superuser cannot reset password without providing the old one. #40599

Open
1 task done
john-doe4 opened this issue Mar 12, 2025 · 4 comments
Assignees
Labels
kind/bug Issues or changes related a bug triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

john-doe4 commented Mar 12, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Environment

- Milvus version: v2.4.15
- Deployment mode(standalone or cluster):cluster
- MQ type(rocksmq, pulsar or kafka): pulsar    
- SDK version(e.g. pymilvus v2.0.0rc2): pymilvus v2.5.5
- OS(Ubuntu or CentOS): Amazon Linux 2023.6.20250218

Current Behavior

I am trying to reset the root user's password because I forgot my password after updating the default one.
According to this document, I have explicitly set superUsers in milvus.yaml as follows:

security:
  authorizationEnabled: true
  superUsers: root, admin

I have created a user named admin, and set it as a superuser.
I expected that the admin user (as a superuser) would be able to reset root user's password.
However, this didn't work.

(Since changing authorizationEnabled to true or false took effect, I believe the settings in milvus.yaml are being applied.)

How can I update the root password without having the old one?

Expected Behavior

A user listed in superUsers (such as admin) should be able to reset the root password without providing the old one.

Steps To Reproduce

  1. Log in as "admin" (a superuser).
  2. Attempt to update the password for root:
from pymilvus import connections, utility

# Connect as another superuser
connections.connect(
    host="****",
    port="****",
    user="admin",
    password="****"
)

# Attempt to update root's password
utility.update_password(user="root", old_password="", new_password="new_password")
  3. This results in the following error:
    raise MilvusException(status.code, status.reason, status.error_code)
pymilvus.exceptions.MilvusException: <MilvusException: (code=1400, message=old password not correct for root: not authenticated)>

Additionally, when I try to update the root user's password without providing the old_password parameter, I get another error:

utility.reset_password(user="root", new_password="milvus")
TypeError: update_password() missing 1 required positional argument: 'old_password'
  4. Similarly, when I try to update the admin's password without the old one, I get the same error:
# this doesn't work
utility.update_password(user="admin", old_password="", new_password="new_password")

# this also doesn't work
utility.reset_password(user="admin", new_password="new_password")

Milvus Log

No response

Anything else?

No response
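
The policy requested under Expected Behavior, as an added sketch that is not part of the original issue and is not Milvus code: a server-side password update in which a caller listed in superUsers skips the old-password check, while any other caller may only change their own password and must present the current one. The function names, the in-memory store and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def parse_super_users(setting):
    """Split a comma-separated superUsers value, trimming whitespace."""
    return {name.strip() for name in setting.split(",") if name.strip()}


def hash_password(password, salt=None):
    """Return (salt, digest); PBKDF2 parameters are assumed for the sketch."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_password(password, stored):
    """Constant-time comparison against a stored (salt, digest) pair."""
    salt, expected = stored
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


def update_password(store, super_users, caller, target, old_password, new_password):
    """Change target's password on behalf of the authenticated caller.

    A caller in super_users skips the old-password check; anyone else may
    only change their own password and must present the current one.
    """
    if target not in store:
        raise KeyError(target)
    if caller not in super_users:
        if caller != target:
            raise PermissionError("only a superuser may change another user's password")
        if not verify_password(old_password, store[target]):
            raise PermissionError(f"old password not correct for {target}")
    store[target] = hash_password(new_password)
    return True


if __name__ == "__main__":
    # Constructed accounts; the setting string matches the issue's milvus.yaml.
    supers = parse_super_users("root, admin")
    store = {u: hash_password(p) for u, p in
             [("root", "forgotten"), ("admin", "admin-pw"), ("alice", "alice-pw")]}
    print(update_password(store, supers, "admin", "root", "", "new_password"))
    try:
        update_password(store, supers, "alice", "root", "", "x")
    except PermissionError as exc:
        print("refused:", exc)
```

The `caller` argument must come from the authenticated session, never from the request body, or the superuser bypass becomes an account-takeover path.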

@john-doe4 john-doe4 added kind/bug Issues or changes related a bug needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 12, 2025

dosubot bot commented Mar 12, 2025

Hey @john-doe4! I'm here to help you with any bugs, questions, or contributions you have for Milvus. Let's tackle this issue together!

The issue you're encountering seems to be related to the configuration and functionality of the update_password and reset_password functions in Milvus. According to the Milvus documentation, superusers should be able to reset their passwords without providing the old password if they are listed in the superUsers field in the milvus.yaml configuration file [1].

Here are a few things to check and try:

  1. Configuration Check: Ensure that the milvus.yaml file is correctly configured and that the changes have been applied. The superUsers field should include both root and admin as you have specified.

  2. Restart Milvus: After making changes to the milvus.yaml file, make sure to restart the Milvus service to apply the new configuration.

  3. Function Usage: The reset_password function should allow a superuser to reset their password without the old password. However, it seems like there might be an issue with how the function is being called or implemented. Double-check the function signature and ensure that it is being used correctly.

  4. Error Handling: The error messages you are receiving suggest that the old password is still being required. This might indicate a bug or a misconfiguration. If the configuration is correct and the issue persists, it might be worth checking if there are any updates or patches available for your version of Milvus.

If these steps do not resolve the issue, it might be necessary to look deeper into the Milvus codebase or consult additional documentation to understand if there are any version-specific issues or additional settings that need to be configured.


@yanliang567
Contributor

I don't think admin can reset root's password.
/assign @SimFG
could you please help to double confirm that?

/unassign

@sre-ci-robot sre-ci-robot assigned SimFG and unassigned yanliang567 Mar 12, 2025
@yanliang567 yanliang567 added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 12, 2025
@xiaofan-luan
Collaborator

supported by #23733
did you restart the cluster to make the config applied?

it seems to be already supported on 2.4.13

@SimFG
Contributor

SimFG commented Mar 13, 2025

@john-doe4 I will check it.
