The Simple Password Check Plugin enforces basic password complexity rules, such as minimum length and required numbers of digits, letters, and special characters.
simple_password_check is a password validation plugin. It can check whether a password contains at least a certain number of characters of a specific type. When first installed, a password is required to be at least eight characters, and requires at least one digit, one uppercase character, one lowercase character, and one character that is neither a digit nor a letter.
Note that passwords can be directly set as a hash, bypassing the password validation, if the strict_password_validation variable is OFF (it is ON by default).
Although the plugin's shared library is distributed with MariaDB by default, the plugin is not actually installed by MariaDB by default. There are two methods that can be used to install the plugin with MariaDB.
The first method can be used to install the plugin without restarting the server. You can install the plugin dynamically by executing or :
The second method can be used to tell the server to load the plugin when it starts up. The plugin can be installed this way by providing the or the options. This can be specified as a command-line argument to mariadbd, or it can be specified in a relevant server in an :
You can uninstall the plugin dynamically by executing or :
If you installed the plugin by providing the or the options in a relevant server in an , then those options should be removed to prevent the plugin from being loaded the next time the server is restarted.
When creating a new password, if the criteria are not met, the following error is returned:
simple_password_check_digitsDescription: A password must contain at least this many digits.
Command line: --simple-password-check-digits=#
Scope: Global
Dynamic: Yes
simple_password_check_letters_same_caseDescription: A password must contain at least this many upper-case and this many lower-case letters.
Command line: --simple-password-check-letters-same-case=#
Scope: Global
Dynamic: Yes
simple_password_check_minimal_lengthDescription: A password must contain at least this many characters.
Command line: --simple-password-check-minimal-length=#
Scope: Global
Dynamic: Yes
simple_password_check_other_charactersDescription: A password must contain at least this many characters that are neither digits nor letters.
Command line: --simple-password-check-other-characters=#
Scope: Global
Dynamic: Yes
simple_password_checkDescription: Controls how the server should treat the plugin when the server starts up.
Valid values are:
OFF - Disables the plugin without removing it from the table.
- use the Cracklib password-strength checking library
This page is licensed: CC BY-SA / Gnu FDL
Data Type: numeric
Default Value: 1
Range: 0 to 1000
Data Type: numeric
Default Value: 1
Range: 0 to 1000
Data Type: numeric
Default Value: 8
Range: 0 to 1000
Data Type: numeric
Default Value: 1
Range: 0 to 1000
ON - Enables the plugin. If the plugin cannot be initialized, then the server will still continue starting up, but the plugin will be disabled.FORCE - Enables the plugin. If the plugin cannot be initialized, then the server will fail to start with an error.
FORCE_PLUS_PERMANENT - Enables the plugin. If the plugin cannot be initialized, then the server will fail to start with an error. In addition, the plugin cannot be uninstalled with UNINSTALL SONAME or UNINSTALL PLUGIN while the server is running.
See Plugin Overview: Configuring Plugin Activation at Server Startup for more information.
Command line: --simple-password-check=value
Data Type: enumerated
Default Value: ON
Valid Values: OFF, ON, FORCE, FORCE_PLUS_PERMANENT
INSTALL SONAME 'simple_password_check';[mariadb]
...
plugin_load_add = simple_password_checkUNINSTALL SONAME 'simple_password_check';SET PASSWORD FOR 'bob'@'%.loc.gov' = PASSWORD('abc');
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements