we use redis 6.0.9 rpm to install redis,which runs for three years in our project.But recently we fail to update password in redis.Even though we tried many times and even tested on two linux servers, we couldn't change the password.But the strange thing is that if we reinstall it, we can change the password successfully.Has anyone else been experiencing this issue?

Comment From: sundb

@meng-chun520 How did you change your password? can you give the reproduce stpes?

Comment From: meng-chun520

@sundb we tried two method: redis-server in this path /usr/bin/redis-server and redis.conf in /etc/redis.conf 1、we update requirepass config in redis.conf file then use systemctl restart redis to restart redis. 2、we update requirepass config in redis.conf then use /usr/bin/redis-server /etc/redis.conf to start redis after restarting redis,we use redis-cli to connect redis then use auth to input the new password,it shows (error) WRONGPASS invalid username-password pair .But if we input the old password,it connected succefully.

Comment From: sundb

@meng-chun520 did you confirm through the config_file of INFO SERVER that the config file you modified is exactly what Redis loaded?

Comment From: meng-chun520

yes,i am sure about that.Because if i change the redis.conf to redis1.conf,then i restart redis.It will show me Fatal error, can't open config file '/etc/redis.conf': No such file or directory .So the redis.conf does work

Comment From: meng-chun520

@sundb In two linux server,we have used it for 1 year but we fail to change the password.I also tryed in one server,which i installed redis only for one month.We can change the password succefully.If any config that we used wrong?Or if there are some problem with time?This is really confusing

Comment From: sundb

@meng-chun520 i'd like to confirm the following: 1. are you using acl? 2. are you using default user or other user?

Comment From: meng-chun520

@sundb i am using default user and i did not use acl

Comment From: dgoenczoel

Having the same issue here with redis_version:7.0.15 I've changed the password on 2 out of 3 servers in cluster and on one I'm struggling for 2 hours now, and it still accept the old password only?

Comment From: sundb

@dgoenczoel can you give your reproduce steps?

Comment From: dgoenczoel

Yes, it should be pretty simple, as I did it already on 2 out of 3 servers. I edited redis.conf and changed requirepass parameter, restarted redis process, did not worked. Rebooted, still old password is accepted

Tried with redis-cli CONFIG SET requirepass too and I got "OK" but I am still able to login only with the old password.

Comment From: sundb

@dgoenczoel thanks, how did you install redis?

Comment From: dgoenczoel

apt install -y redis redis-sentinel

Comment From: sundb

@dgoenczoel i guess you mistakenly use requirepass to modify non-default user. 1. please note this comment

# IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility
# layer on top of the new ACL system. The option effect will be just setting
# the password for the default user. Clients will still authenticate using
# AUTH <password> as usually, or more explicitly with AUTH default <password>
# if they follow the new protocol: both will work.
#
  1. if you should use ACL SETUSER >password to change users' password.

Comment From: dgoenczoel

Thanks @sundb you helped me to eventually figure this out ACL SETUSER default on >NewPa$$word is setting the password only temporary. but with ACL LIST I can see the hashed new password. After that I pasted the hashed password in redis.conf under # Generated by CONFIG REWRITE for user "default". This way, I was able to login with the new password.

Comment From: sundb

@meng-chun520 please check the output of config get requirepass, if you have the config, the requirepass config will not work.

Comment From: dgoenczoel

I just checked and in my case, the return value of config get requirepass is same as the one in the redis.conf config file. With that password I cannot login because the user's hashed password is already defined under # Generated by CONFIG REWRITE in the config file and that obviously take precedence. As I removed everything under # Generated by CONFIG REWRITE and restarted, I was able to login with the password in the config file.

Comment From: meng-chun520

@meng-chun520 please check the output of config get requirepass, if you have the config, the requirepass config will not work.

Thanks,this helps lot.I found user default on #ad2ef16ff571727cc4345a9dbb617e73c02f529e66376ff618ab10609897c306 ~* +@all in redis.conf.And i delete this line.After that i change password,It works!

Comment From: meng-chun520

By the way,How does it happen?What will generate this line.Because I never change my redis.conf. But after long time when i tried to change the password,It will happen again.

Comment From: meng-chun520

@sundb Looking forward to your reply.

Comment From: sundb

@meng-chun520 because you don't have the aclfile config so that the acl list will be written into redis.conf when config rewrite.

Comment From: sundb

seems to be solved, let's close it.