MySQL8.0 密码管理与密码策略

一、密码管理

#新密码不能和前面三次的密码相同
password_history = 3 ; 
#新密码不能和前面九十天内使用的密码相同
password_reuse_interval = 90 ; 
# 默认为off；为on 时 修改密码需要用户提供当前密码 (开启后修改密码需要验证旧密码，root 用户不需要)
password_require_current = on ;
#查看密码管理策略
mysql> show variables like 'password%';
+--------------------------+-------+
| Variable_name            | Value |
+--------------------------+-------+
| password_history         | 0     |
| password_require_current | OFF   |
| password_reuse_interval  | 0     |
+--------------------------+-------+
3 rows in set (0.00 sec)

参数修改(建议)

## 找到mysql的配置文件 my.cnf，默认在 /etc/my.cnf
vi /etc/my.cnf
## 在最后增加一行， 保存退出
password_history=6

二、密码安全策略

MySQL密码密码策略validate_password默认状态为NOT activated

#1.查看密码策略显示为空
mysql> SHOW VARIABLES LIKE 'validate_password%';
Empty set (0.00 sec)
#2.使用命令
mysql> install plugin validate_password soname 'validate_password.so';
Query OK, 0 rows affected, 1 warning (0.00 sec)
#3.查看返回ACTIVE状态,说明密码策略已启用
mysql> select plugin_name, plugin_status from information_schema.plugins where p                                                                                          lugin_name like 'validate%';
+-------------------+---------------+
| plugin_name       | plugin_status |
+-------------------+---------------+
| validate_password | ACTIVE        |
+-------------------+---------------+
1 row in set (0.00 sec)
#4.查看密码策略
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_check_user_name    | ON     |
| validate_password_dictionary_file    |        |
| validate_password_length             | 8      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
#5.密码强度要求（0或low代表最低要求）
mysql> set global validate_password_policy=0;
Query OK, 0 rows affected (0.00 sec)
#6.密码长度要求
mysql> set global validate_password_length=4;
Query OK, 0 rows affected (0.00 sec)
#7.查看修改后的密码策略
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+-------+
| Variable_name                        | Value |
+--------------------------------------+-------+
| validate_password_check_user_name    | ON    |
| validate_password_dictionary_file    |       |
| validate_password_length             | 4     |
| validate_password_mixed_case_count   | 1     |
| validate_password_number_count       | 1     |
| validate_password_policy             | LOW   |
| validate_password_special_char_count | 1     |
+--------------------------------------+-------+
7 rows in set (0.01 sec)