使用ALTER USER 语句锁定 mysql>ALTER USER 'demo'@'localhost' ACCOUNT LOCK; Query OK, 0 rows affected (0.00 sec) 使用被锁账号登录会报ERROR 3118错误: $ mysql -udemo -p Enter password: ERROR 3118 (HY000): Access denied for user 'demo'@'localhost'. Account is locked. 解锁账号 mysql>ALTER USER 'demo'@'localhost' ACCOUNT UNLOCK; Query OK, 0 rows affected (0.00 sec)
查看用户是否锁定
select user,host,account_locked from mysql.user;
转自
MySQL 5.7账号锁定Account Lock https://majing.io/posts/10000004771184
5.7加入了LOCK ACCOUNT功能和ORACLE一样了,
但是5.6貌似没有,但是可以代替用如下方法设置密码过期。
The mysql.usertable now has a password_expiredcolumn. Its default value is 'N', but can be set to 'Y'with the new ALTER USER statement. After an account's password has been expired, all operations performed in subsequent connections to the server using the account result in an error until the user issues a SET PASSWORDstatement to establish a new account password. For more information, see Section 13.7.1.1, “ALTER USERSyntax”, and Section 6.3.6, “Password Expiration and Sandbox Mode”.
就是下面这个语法 mysql> alter user mytest1@'%' password expire; 如果要恢复 set password for mytest1@'%' = '*******';
注意:只要重置一下过期用户的密码就行(注意不能使用 update mysql.user方法来重置密码)
其实就是MYSQL.USER下面的字段 password_expired 标示了是否过期。
mysql> select user,host,password,password_expired from mysql.user where user = 'root'; +------+---------------------+-------------------------------------------+------------------+ | user | host | password | password_expired | +------+---------------------+-------------------------------------------+------------------+ | root | localhost | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | N | | root | all-middle-mysql-10 | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | Y | | root | 127.0.0.1 | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | Y | | root | ::1 | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | Y | +------+---------------------+-------------------------------------------+------------------+ 4 rows in set (0.00 sec)