exist, but it does have privileges--usually on the default test database created by mariadb-install-db. These account-less privileges are a legacy that is leftover from a time when MySQL's privilege system was less advanced. This situation means that you will run into errors if you try to create a ''@'%' account. For example: CREATE USER ''@'%'; ERROR 1396 (HY000): Operation CREATE USER failed for ''@'%' The fix is to DELETE the row in the mysql.db table and then execute FLUSH PRIVILEGES: DELETE FROM mysql.db WHERE User='' AND Host='%'; FLUSH PRIVILEGES; Note that FLUSH PRIVILEGES is only needed if one modifies the mysql tables directly. It is not needed when using CREATE USER, DROP USER, GRANT etc. And then the account can be created: CREATE USER ''@'%'; Query OK, 0 rows affected (0.01 sec) See MDEV-13486 for more information. Password Expiry --------------- MariaDB starting with 10.4.3 ---------------------------- Besides automatic password expiry, as determined by default_password_lifetime, password expiry times can be set on an individual user basis, overriding the global setting, for example: CREATE USER 'monty'@'localhost' PASSWORD EXPIRE INTERVAL 120 DAY; See User Password Expiry for more details. Account Locking --------------- MariaDB starting with 10.4.2 ---------------------------- Account locking permits privileged administrators to lock/unlock user accounts. No new client connections will be permitted if an account is locked (existing connections are not affected). For example: CREATE USER 'marijn'@'localhost' ACCOUNT LOCK; See Account Locking for more details. From MariaDB 10.4.7 and MariaDB 10.5.8, the lock_option and password_option clauses can occur in either order. URL: https://mariadb.com/kb/en/create-user/d password_option clauses can occur in either order. URL: https://mariadb.com/kb/en/alter-user/https://mariadb.com/kb/en/grant/ion file and if mariadb-install-db is executed, then mariadb-install-db will read this option from the option file, and it will automatically set this option. Altering the User Account to Revert to the Previous Authentication Method ------------------------------------------------------------------------- If you have already installed MariaDB, and if the root@localhost user account is already using unix_socket authentication, then you can revert to the old mysql_native_password authentication method for the user account by executing the following: ALTER USER root@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD("verysecret") URL: https://mariadb.com/kb/en/authentication-from-mariadb-104/