MySQL Red hat linux

Password Validation Plugin in MySQL

The validate_password plugin serves to test passwords and improve security. The plugin exposes a set of system variables that enable you to define password policy.

First check the plugin directory of MySQL.

mysql> show variables like "plugin%";
+---------------+--------------------------+
| Variable_name | Value                    |
+---------------+--------------------------+
| plugin_dir    | /usr/lib64/mysql/plugin/ |
+---------------+--------------------------+
1 row in set (0.00 sec)

Go to given path and check it. We can see lots of plugins are present in Plugin Directory Of MySQL. We need PASSWORD_VALIDATE.SO file.

ll /usr/lib64/mysql/plugin/validate_password.so
-rwxr-xr-x. 1 root root 201768 Jan 27  2016 /usr/lib64/mysql/plugin/validate_password.so

Now Stop MySQL Services

/etc/init.d/mysql stop

Now open my.cnf file of MySQL at /etc/ and add below lines.

plugin-load        		= validate_password.so
validate-password      		= FORCE_PLUS_PERMANENT
validate_password_length        = 6
validate_password_mixed_case_count = 1
validate_password_number_count = 1
validate_password_special_char_count = 1
validate_password_policy       	= MEDIUM

Start MySQL Services

/etc/init.d/mysql start

Now login to MySQL And execute below command.

INSTALL PLUGIN validate_password SONAME 'validate_password.so';
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_dictionary_file    |        |
| validate_password_length             | 8      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+

Now as you can see above. you can define policy as per your requirement like what should be password length and how many character and special character should be present in the password.

Now try to assign some simple password and check if it accepts. We can see its not accepting simple password.

Loading

Leave a Reply

Your email address will not be published. Required fields are marked *