Shulou(Shulou.com)05/31 Report--

This article introduces the relevant knowledge of "what are the MySQL password policies?". In the operation of actual cases, many people will encounter such a dilemma. Then let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

1) temporary password

To enhance security, MySQL5.7 randomly generates a password for root users, in error log.

Mysql > select @ @ log_error

+-+

| / var/log/mysqld.log |

+-+

The temporary password for MySQL can be obtained through the # grep "password" / var/log/mysqld.log command. After logging in to the server with this password, you must change the password immediately, otherwise the following error will be reported:

Mysql > select user ()

ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

If you just change it to a simple password, the following error will be reported:

Mysql > ALTER USER USER () IDENTIFIED BY '12345678'

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

This is actually related to the value of validate_password_policy.

In versions after 5.6.8, after initialization with mysql_install_db, the root password will be stored in / root/.mysql_secret as detailed in the-- random-passwords parameter.

2) password policy

Validate_password_policy has the following values:

Policy Tests Performed

0 or LOW Length

1 or MEDIUM Length; numeric, lowercase/uppercase, and special characters

2 or STRONG Length; numeric, lowercase/uppercase, and special characters; dictionary file

The default is 1, that is, MEDIUM, so the password you set at the beginning must match the length and must contain numbers, lowercase letters, uppercase letters, and special characters.

The password length is determined by the validate_password_length parameter:

The validate_password_length parameter defaults to 8, which is limited by a minimum value of:

Validate_password_number_count + validate_password_special_char_count + (2 * validate_password_mixed_case_count)

Where validate_password_number_count specifies the length of the data in the password, validate_password_special_char_count specifies the length of special characters in the password, and validate_password_mixed_case_count specifies the length of large and small letters in the password. For these parameters, the default value is 1, so the minimum value of validate_password_length is 4. If you explicitly specify that the value of validate_password_length is less than 4, although there will be no error, the value of validate_password_length will be set to 4.

Sometimes, just to test it myself, I don't want the password to be so complicated. For example, I just want to set the password for root to 123456. Two global parameters must be modified:

Mysql > set global validate_password_policy=0

Mysql > set global validate_password_length=4

3) validate_password plug-in

To have password policy authentication, Mysql must follow the validate_password plug-in, and MySQL5.7 is installed by default.

So how do you verify that the validate_password plug-in is installed? By looking at the following parameters, if it is not installed, the output will be empty.

Mysql > SHOW VARIABLES LIKE 'validate_password%'

+-+ +

| | Variable_name | Value |

+-+ +

| | validate_password_dictionary_file |

| | validate_password_length | 6 | |

| | validate_password_mixed_case_count | 2 | |

| | validate_password_number_count | 1 | |

| | validate_password_policy | LOW |

| | validate_password_special_char_count | 1 | |

+-+ +

6 rows in set (0.00 sec)

(excerpt from: http://www.linuxidc.com/Linux/2016-01/127831.htm)

Installation of plug-ins enabled:

The library object file corresponding to the plug-in needs to be in the directory specified by the configuration option plugin_dir. You can use-- plugin-load=validate_password.so to load the plug-in when server starts, or to write plugin-load=validate_password.so to the configuration file. You can also load the plug-in (which will be registered in the mysql.plugins table) mysql > INSTALL PLUGIN validate_password SONAME 'validate_password.so' while server is running with the following statement

To prevent the plug-in from being deleted at run time, add it to the configuration file:

[mysqld]

Plugin-load=validate_password.so

Validate-password=FORCE_PLUS_PERMANENT

This is the end of the content of "what are the MySQL password policies". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.