Catalog

Target password policy

One 、 At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position

1. View the current configuration

2. View existing plug-ins

3. Add the plug-in

4. Detailed configuration of password policy

5. Strategy achievement test

Two 、 Set up 60 Days password expiration

3、 ... and 、 Overall change plan

Target password policy

Target password policy ： At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position 、60 Days password expiration .

My version number ： 5.7.21

One 、 At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position

1. View the current configuration

show variables like 'validate_password%';

Look up the , my mysql No password verification plug-in

The plug-in should be as follows

  Directly in my.cnf The password policy was modified in the configuration file , The system will install the password plug-in for us by default , Otherwise, at the beginning, our database did not install the password plug-in by default .

Refer to this for installing plug-ins ：mysql Installing a plug-in validate_password_ Captain 115 The blog of -CSDN Blog _mysql Installing a plug-in

2. View existing plug-ins

View the path of the plug-in   show variables like 'plugin_dir'; 

There's something I need “validate_password.so” This plugin

3. Add the plug-in

modify my.cnf

# The file name of the plug-in library is validate_password. The file name suffix varies according to the platform ( for example ,linux yes .so about Windows yes .dll).

 linux add to ：

[mysqld]
plugin-load-add=validate_password.so
# The server loads the plug-in at startup , And prevent the plug-in from being deleted when the server is running .
validate-password=FORCE_PLUS_PERMANENT

Query after restart show variables like 'validate_password%' The results are as follows .

4. Detailed configuration of password policy

Meaning of password policy variables ：

validate_password.policy： Password policy , Check the user's password .

        0：(Low) Minimum password length 8 Characters

        1：(Mediumpolicy) Include at least 1 A digital ,1 Lowercase letters ,1 Two capital letters and 1 Special characters ( The default value is )

        2：(Strongpolicy) The length is 4 Or longer codon strings must not match words in the dictionary file

validate_password.length： Minimum password characters required , The default is 8

validate_password.number_count： The minimum number of numeric characters required for a password , The default is 1

validate_password.mixed_case_count： The minimum number of lowercase and uppercase characters required for passwords , The default is 1

validate_password.special_char_count： The minimum number of special characters that require a password , The default is 1

validate_password.dictionary_file： The pathname of the dictionary file used to check the password , There is no default

Here's my configuration ：

 1 A digital ,1 Lowercase letters ,1 Two capital letters and 1 Special characters , least 9 position .

5. Strategy achievement test

Two 、 Set up 60 Days password expiration

select * from mysql.user;

N In order not to expire ,Y Is overdue . The default is N Not overdue .

The statement that sets the password to expire is ：alter user ‘ user name ’@‘host’ password expire; Such as ：

alter user 'root'@'localhost' password expire;

At this point, enter

select * from mysql.user;

see root Of password_expired The field has changed to Y, When you log in again, you will find that you can't connect , Prompt password expired . The solution is to change the login password .

Check the online statement , You can modify the expiration days （ How many days are overdue ）, In days , Such as ：

ALTER USER 'root'@'localhost' PASSWORD EXPIRE INTERVAL 30 DAY;

Or change the password to never expire , Such as ：

ALTER USER 'root'@'localhost' PASSWORD EXPIRE NEVER;

Or change the password in this way without expiration :

SET GLOBAL default_password_lifetime = 0;

I'm here to execute ：

ALTER USER 'root'@'%' PASSWORD EXPIRE INTERVAL 60 DAY;

Execution results ：

3、 ... and 、 Overall change plan

  Share the final change plan

#----------------
Target password policy
#----------------
At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position 、60 Days password expiration .

#----------------
modify root Password expiration time , No need to restart
#----------------

The master and slave perform the following steps respectively ：
1. Change the expiration time
ALTER USER 'root'@'%' PASSWORD EXPIRE INTERVAL 60 DAY;

2. View the execution results ,password_lifetime by 60
select * from mysql.user;

#----------------
At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position , Need to restart the database
#----------------

0.

Database startup sequence
Stop using -> Stop the database （ First standby, then main ） -> Change configuration -> Start the database （ First, the main backup ）-> Application
https://blog.csdn.net/qq_41466440/article/details/125104962

1.
Stop using  

2.
close MySQL Slave Library
a. First, check the current master-slave synchronization status show slave statusG; See if it is double yes
b. perform stop slave
c. Stop the slave Library Service mysqladmin shutdown -u user name -p password (service mysqld stop)
d. See if there's any more mysql The process of ps -ef | grep mysql
d. If multiple instances are deployed , Then each instance should follow the above steps

3.
close MySQL Main library
a. Stop the main library service mysqladmin shutdown -u user name -p password (service mysqld stop)
b. See if there's any more mysql The process of ps -ef | grep mysql

4.
Edit profile
vim /etc/my.cnf
add to ：
[mysqld]
plugin-load-add=validate_password.so
# The server loads the plug-in at startup , And prevent the plug-in from being deleted when the server is running .
validate-password=FORCE_PLUS_PERMANENT
# Password policy
validate_password_policy=1
validate_password_length=9

5.
start-up MySQL Main library
a. Start the main library service mysqladmin start -u user name -p password (service mysqld start)
b. see mysql The process of ps -ef | grep mysql

6.
start-up MySQL Slave Library
a. Start the slave service mysqladmin start -u user name -p password (service mysqld start)
b. Start replication start slave;
c. Check synchronization status show slave statusG; Double or not yes
d. see mysql The process of ps -ef | grep mysql

7.
Check whether the plug-in and policy are successfully added
service mysqld restart
show variables like 'validate_password%';