当前位置:网站首页>Mysql5.7 set password policy (etc. three-level password transformation)
Mysql5.7 set password policy (etc. three-level password transformation)
2022-07-01 22:44:00 【Ahuuua】
Catalog
1. View the current configuration
4. Detailed configuration of password policy
Two 、 Set up 60 Days password expiration
3、 ... and 、 Overall change plan
Target password policy
Target password policy : At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position 、60 Days password expiration .
My version number : 5.7.21
One 、 At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position
1. View the current configuration
show variables like 'validate_password%';
Look up the , my mysql No password verification plug-in
The plug-in should be as follows
Directly in my.cnf The password policy was modified in the configuration file , The system will install the password plug-in for us by default , Otherwise, at the beginning, our database did not install the password plug-in by default .
Refer to this for installing plug-ins :mysql Installing a plug-in validate_password_ Captain 115 The blog of -CSDN Blog _mysql Installing a plug-in
2. View existing plug-ins
View the path of the plug-in show variables like 'plugin_dir';
There's something I need “validate_password.so” This plugin
3. Add the plug-in
modify my.cnf
# The file name of the plug-in library is validate_password. The file name suffix varies according to the platform ( for example ,linux yes .so about Windows yes .dll).
linux add to :
[mysqld]
plugin-load-add=validate_password.so
# The server loads the plug-in at startup , And prevent the plug-in from being deleted when the server is running .
validate-password=FORCE_PLUS_PERMANENTQuery after restart show variables like 'validate_password%' The results are as follows .
4. Detailed configuration of password policy
Meaning of password policy variables :
validate_password.policy: Password policy , Check the user's password .
0:(Low) Minimum password length 8 Characters
1:(Mediumpolicy) Include at least 1 A digital ,1 Lowercase letters ,1 Two capital letters and 1 Special characters ( The default value is )
2:(Strongpolicy) The length is 4 Or longer codon strings must not match words in the dictionary file
validate_password.length: Minimum password characters required , The default is 8
validate_password.number_count: The minimum number of numeric characters required for a password , The default is 1
validate_password.mixed_case_count: The minimum number of lowercase and uppercase characters required for passwords , The default is 1
validate_password.special_char_count: The minimum number of special characters that require a password , The default is 1
validate_password.dictionary_file: The pathname of the dictionary file used to check the password , There is no default
Here's my configuration :
1 A digital ,1 Lowercase letters ,1 Two capital letters and 1 Special characters , least 9 position .
5. Strategy achievement test
Two 、 Set up 60 Days password expiration
select * from mysql.user;
N In order not to expire ,Y Is overdue . The default is N Not overdue .
The statement that sets the password to expire is :alter user ‘ user name ’@‘host’ password expire; Such as :
alter user 'root'@'localhost' password expire;At this point, enter
select * from mysql.user;
see root Of password_expired The field has changed to Y, When you log in again, you will find that you can't connect , Prompt password expired . The solution is to change the login password .
Check the online statement , You can modify the expiration days ( How many days are overdue ), In days , Such as :
ALTER USER 'root'@'localhost' PASSWORD EXPIRE INTERVAL 30 DAY;Or change the password to never expire , Such as :
ALTER USER 'root'@'localhost' PASSWORD EXPIRE NEVER;Or change the password in this way without expiration :
SET GLOBAL default_password_lifetime = 0;I'm here to execute :
ALTER USER 'root'@'%' PASSWORD EXPIRE INTERVAL 60 DAY;Execution results :
3、 ... and 、 Overall change plan
Share the final change plan
#----------------
Target password policy
#----------------
At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position 、60 Days password expiration .#----------------
modify root Password expiration time , No need to restart
#----------------
The master and slave perform the following steps respectively :
1. Change the expiration time
ALTER USER 'root'@'%' PASSWORD EXPIRE INTERVAL 60 DAY;2. View the execution results ,password_lifetime by 60
select * from mysql.user;#----------------
At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position , Need to restart the database
#----------------0.
Database startup sequence
Stop using -> Stop the database ( First standby, then main ) -> Change configuration -> Start the database ( First, the main backup )-> Application
https://blog.csdn.net/qq_41466440/article/details/1251049621.
Stop using2.
close MySQL Slave Library
a. First, check the current master-slave synchronization status show slave statusG; See if it is double yes
b. perform stop slave
c. Stop the slave Library Service mysqladmin shutdown -u user name -p password (service mysqld stop)
d. See if there's any more mysql The process of ps -ef | grep mysql
d. If multiple instances are deployed , Then each instance should follow the above steps3.
close MySQL Main library
a. Stop the main library service mysqladmin shutdown -u user name -p password (service mysqld stop)
b. See if there's any more mysql The process of ps -ef | grep mysql4.
Edit profile
vim /etc/my.cnf
add to :
[mysqld]
plugin-load-add=validate_password.so
# The server loads the plug-in at startup , And prevent the plug-in from being deleted when the server is running .
validate-password=FORCE_PLUS_PERMANENT
# Password policy
validate_password_policy=1
validate_password_length=95.
start-up MySQL Main library
a. Start the main library service mysqladmin start -u user name -p password (service mysqld start)
b. see mysql The process of ps -ef | grep mysql6.
start-up MySQL Slave Library
a. Start the slave service mysqladmin start -u user name -p password (service mysqld start)
b. Start replication start slave;
c. Check synchronization status show slave statusG; Double or not yes
d. see mysql The process of ps -ef | grep mysql7.
Check whether the plug-in and policy are successfully added
service mysqld restart
show variables like 'validate_password%';
边栏推荐
- Sonic cloud real machine learning summary 6 - 1.4.1 server and agent deployment
- Measurement of reference loop gain and phase margin
- H5 model trained by keras to tflite
- LC501. 二叉搜索树中的众数
- MySQL MHA high availability configuration and failover
- 固定资产管理子系统报表分为什么大类,包括哪些科目
- 详解ThreadLocal
- pytorch训练自己网络后可视化特征图谱的代码
- 高攀不起的希尔排序,直接插入排序
- redis配置文件中常用配置详解[通俗易懂]
猜你喜欢
Spark interview questions
Sonic cloud real machine learning summary 6 - 1.4.1 server and agent deployment
Mysql——》Innodb存储引擎的索引
SAP 智能机器人流程自动化(iRPA)解决方案分享
搜狗微信APP逆向(二)so层
删除AWS绑定的信用卡账户
详解LockSupport的使用
Recent public ancestor offline practice (tarjan)
Kubernetes创建Service访问Pod
Learning notes on futuretask source code of concurrent programming series
随机推荐
Recent public ancestor offline practice (tarjan)
【日常训练】326. 3 的幂
In the past 100 years, only 6 products have been approved, which is the "adjuvant" behind the vaccine competition
LC501. 二叉搜索树中的众数
Awoo's favorite problem (priority queue)
PyTorch磨刀篇|argmax和argmin函数
awoo‘s Favorite Problem(优先队列)
详解LockSupport的使用
91.(cesium篇)cesium火箭发射模拟
友善串口助手使用教程_友善串口调试助手怎么进行配置-友善串口调试助手使用教程…
[jetcache] how to use jetcache
Basic knowledge of ngnix
隐藏用户的创建和使用
Learn MySQL from scratch - database and data table operations
Slope compensation
Compensation des créneaux horaires
2020-ViT ICLR
cvpr2022 human pose estiamtion
【c语言】malloc函数详解[通俗易懂]
QStringList 的常规使用