apache · yiguolei · Apr 23, 2023 · Apr 19, 2023 · Apr 20, 2023 · Apr 22, 2023
diff --git a/docs/en/docs/admin-manual/privilege-ldap/user-privilege.md b/docs/en/docs/admin-manual/privilege-ldap/user-privilege.md
@@ -236,9 +236,9 @@ ADMIN_PRIV and GRANT_PRIV have the authority of **"grant authority"** at the sam
 
 5. Forget passwords
 
-	If you forget your password and cannot log in to Doris, you can log in to Doris without a password using the following command on the machine where the Doris FE node is located:
+	If you forget your password and cannot log in to Doris, you can add `skip_localhost_auth_check` in fe config so that logging to Doris without a password in localhost.
 
-	`mysql-client -h 127.0.0.1 -P query_port -uroot`
+	`skip_localhost_auth_check = true`
 
 	After login, the password can be reset through the SET PASSWORD command.
 

diff --git a/docs/zh-CN/docs/admin-manual/privilege-ldap/user-privilege.md b/docs/zh-CN/docs/admin-manual/privilege-ldap/user-privilege.md
@@ -228,9 +228,9 @@ ADMIN_PRIV 和 GRANT_PRIV 权限同时拥有**授予权限**的权限，较为
 
 5. 忘记密码
 
-   如果忘记了密码无法登陆 Doris，可以在 Doris FE 节点所在机器，使用如下命令无密码登陆 Doris：
+   如果忘记了密码无法登陆 Doris，可以在 FE 的 config 文件中添加 `skip_localhost_auth_check` 参数，从而无密码在本机登陆 Doris：
 
-   `mysql-client -h 127.0.0.1 -P query_port -uroot`
+   `skip_localhost_auth_check = true`
 
    登陆后，可以通过 SET PASSWORD 命令重置密码。
 

diff --git a/docs/zh-CN/docs/get-starting/get-starting.md b/docs/zh-CN/docs/get-starting/get-starting.md
@@ -128,7 +128,7 @@ mysql -uroot -P9030 -h127.0.0.1
 >
 >1. 这里使用的 root 用户是 doris 内置的默认用户，也是超级管理员用户，具体的用户权限查看 [权限管理](../admin-manual/privilege-ldap/user-privilege.md)
 >2. -P ：这里是我们连接 Doris 的查询端口，默认端口是 9030，对应的是fe.conf里的 `query_port`
->3. -h ： 这里是我们连接的 FE IP地址，如果你的客户端和 FE 安装在同一个节点可以使用127.0.0.1，这种也是 Doris 提供的如果你忘记 root 密码，可以通过这种方式不需要密码直接连接登录，进行对 root 密码进行重置
+>3. -h ： 这里是我们连接的 FE IP地址，如果你的客户端和 FE 安装在同一个节点可以使用127.0.0.1。
 
 执行下面的命令查看 FE 运行状态
 

diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
@@ -2116,5 +2116,12 @@ public class Config extends ConfigBase {
      */
     @ConfField(mutable = true)
     public static boolean infodb_support_ext_catalog = false;
+
+    /**
+     * If true, auth check will be disabled. The default value is false.
+     * This is to solve the case that user forgot the password.
+     */
+    @ConfField(mutable = true)
+    public static boolean skip_localhost_auth_check  = false;
 }
 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Auth.java
@@ -38,6 +38,7 @@
 import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.AuthenticationException;
 import org.apache.doris.common.AuthorizationException;
+import org.apache.doris.common.Config;
 import org.apache.doris.common.DdlException;
 import org.apache.doris.common.ErrorCode;
 import org.apache.doris.common.ErrorReport;
@@ -170,8 +171,9 @@ public void mergeRolesNoCheckName(List<String> roles, Role savedRole) throws Ddl
      */
     public void checkPassword(String remoteUser, String remoteHost, byte[] remotePasswd, byte[] randomString,
             List<UserIdentity> currentUser) throws AuthenticationException {
-        if ((remoteUser.equals(ROOT_USER) || remoteUser.equals(ADMIN_USER)) && remoteHost.equals("127.0.0.1")) {
-            // root and admin user is allowed to login from 127.0.0.1, in case user forget password.
+        if ((ROOT_USER.equals(remoteUser) || ADMIN_USER.equals(remoteUser)) && Config.skip_localhost_auth_check
+                && "127.0.0.1".equals(remoteHost)) {
+            // in case user forget password.
             if (remoteUser.equals(ROOT_USER)) {
                 currentUser.add(UserIdentity.ROOT);
             } else {