zoukankan      html  css  js  c++  java

  • mysql 5.6启用强密码

    mysql的密码策略通过插件的方式进行检查,插件的名称是validate_password,可通过如下方式安装:

    mysql> INSTALL PLUGIN validate_password SONAME 'validate_password.so';
    Query OK, 0 rows affected (0.03 sec)

    mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS;
    +-------------------------------+---------------+
    | PLUGIN_NAME | PLUGIN_STATUS |
    +-------------------------------+---------------+

    | validate_password | ACTIVE |
    +-------------------------------+---------------+
    54 rows in set (0.00 sec)

    mysql> exit
    Bye
    [root@localhost ~]# vi /etc/my.cnf

    [mysqld]

    plugin-load=validate_password.so
    validate-password=FORCE_PLUS_PERMANENT  ##可以让mysqld在密码验证插件未启用的情况下启动失败

    重启Mysql服务,

    mysql> show variables like '%pass%';
    +--------------------------------------+-----------------+
    | Variable_name | Value |
    +--------------------------------------+-----------------+
    | disconnect_on_expired_password | ON |
    | old_passwords | 0 |
    | report_password | |
    | sha256_password_private_key_path | private_key.pem |
    | sha256_password_public_key_path | public_key.pem |
    | validate_password_dictionary_file | |
    | validate_password_length | 8 |
    | validate_password_mixed_case_count | 1 |
    | validate_password_number_count | 1 |
    | validate_password_policy | MEDIUM |
    | validate_password_special_char_count | 1 |
    +--------------------------------------+-----------------+
    11 rows in set (0.00 sec)

    可以看到,validate_password提供了一些额外的控制密码强度的参数控制。其完整含义可参考http://dev.mysql.com/doc/refman/5.6/en/validate-password-plugin.html和http://dev.mysql.com/doc/refman/5.6/en/validate-password-options-variables.html

    mysql> set password = password('mysql');
    ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
    mysql> set password = password('DFFEJd$:7');    -- $是特殊字符, 官方文档好像没有提及, @是可以的。
    ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'passwor'DushJd$:7')' at line 1
    mysql> set password = password('DFFEJd:7');
    Query OK, 0 rows affected (0.00 sec)

    这样新建的账户就强行启用密码策略了,但是已存在的用户还是原来的密码,可以正常的登录。所以此时需要更改这些用户的密码。mysql有个参数,按官方解释,如果设置这些账户的密码过期,也是可以阻止他们登录的,但5.6中实际上好像这个选项没生效。

    mysql> alter user root@'172.18.30.193' password expire;
    Query OK, 0 rows affected (0.00 sec)

    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)

    到30.193的服务登录,还是可以上去。5.7的时候,好像就没有这个问题了。
  • 相关阅读:
    「BZOJ1954」Pku3764 The xor – longest Path
    【bzoj4260】【Codechef REBXOR】
    BZOJ_3012_[Usaco2012 Dec]First!
    【bzoj1174】[Balkan2007]Toponyms
    String
    前缀和
    [POI2008] CLO
    [Scoi2010] 游戏
    CodeForces892E
    并查集的删除操作
  • 原文地址:https://www.cnblogs.com/zhjh256/p/6117894.html
Copyright © 2011-2022 走看看