How to Change MySQL Password Policy Level on Linux
MySQL version 5.6.6 comes with a new security plugin called Password Validation Plugin. The validate_password plugin test password strength and improve security.
Sometimes while changing the password you got the error “ERROR 1819 (HY000): Your password does not satisfy the current policy requirements”
validate_password plugin have three level of security as below:
LOW: Length >= 8
MEDIUM (Default): Length >= 8, numeric, mixed case, and special characters
STRONG: Length >= 8, numeric, mixed case, special characters, and dictionary file
See Also:
- FEW MYSQL COMMANDS IN LINUX
- FOR “TOO MANY CONNECTIONS” ERROR IN MYSQL
- HOW TO RESIZE MYSQL INNODB LOGS FILE IN CENTOS/RHEL
- HOW TO CONFIGURE MASTER-SLAVE MYSQL REPLICATION ON CENTOS/RHEL 5/6/7
- MYSQL INTERVIEW QUESTIONS
- MYSQL COMMANDS FOR CENTOS/RHEL
- CONFIGURE MASTER AND SLAVE DATABASE REPLICATION USING MYSQLND PLUGIN
- RESET (RE-SYNC) MYSQL MASTER-SLAVE REPLICATION
This article will provide you a short explanation of password validation plugin functionalities.
Display Password Policy:
You can verify the current policy level using mention commands.
# mysql -u root -p
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
6 rows in set (0.00 sec)
The default level is MEDIUM so you change it to LOW or STRONG.
Change Password Policy:
You can change the default password policy level at runtime using the command line. Here we are going to change the password policy
Method 1:
# mysql -u root -p
mysql> SET GLOBAL validate_password_policy=LOW;
Method 2:
There is another way to change the password policy. You can also use the MySQL configuration file to change the password policy.
# vim /etc/my.cnf
Add the mention line.
[mysqld]
validate_password_policy=LOW
Restart the MySQL service.
For CentOS/RHEL 7
# systemctl restart mysql
For CentOS/RHEL 6
# service mysql restart
Verify Password Policy:
After changing the password policy you can verify policy using mention command.
# mysql -u root -p
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | LOW |
| validate_password_special_char_count | 1 |
+--------------------------------------+-------+
6 rows in set (0.00 sec)
You can also verify password policy by creating the user on MySQL.
# mysql -u root -p
mysql> create user 'dennis'@'localhost' identified by 'abcdefg';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
Set Password File:
You can also update the password file with password policy level. Here we are configuring password file with a STRONG password level.
# mysql -u root -p
mysql> SET GLOBAL validate_password_dictionary_file='/etc/my.cnf.d/passwordfile';
mysql> SET GLOBAL validate_password_policy=STRONG;
mysql> SHOW VARIABLES LIKE 'validate_password.%';
+--------------------------------------+----------------------------+ | Variable_name | Value | +--------------------------------------+----------------------------+ | validate_password_dictionary_file | /etc/my.cnf.d/passwordfile | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | STRONG | | validate_password_special_char_count | 1 | +--------------------------------------+----------------------------+ 6 rows in set (0.00 sec)
Reference:
https://dev.mysql.com/doc/refman/5.6/en/validate-password.html
Enjoy it!
