Authentication for MariaDB Enterprise Server

Overview

MariaDB Enterprise Server authentication is performed by database user accounts. Database user accounts are specified by user name, the host name from which the account is connecting, and the authentication plugins configured for the account, such as mysql_native_password, pam, or unix_socket.

Change Password

The password for a database user account can be changed using the ALTER USER and SET PASSWORD statements.

With ALTER USER:

ALTER USER 'USER'@'192.0.2.%'
   IDENTIFIED BY 'PASSWD';

With SET PASSWORD:

SET PASSWORD FOR 'USER'@'192.0.2.%'
   = PASSWORD('PASSWD');

Password Validation Plugins

If your MariaDB Enterprise Server node has a password validation plugin installed, then the password should also meet the configured requirements. When you try to set or change a user's password and the password validation plugin rejects the password, the following error message will be shown:

ERROR HY000: Your password does not satisfy the current policy requirements

By default, MariaDB Enterprise Server installs the simple_password_check plugin, but the cracklib_password_check plugin is also available.

For simple_password_check, the password requirements are configured by several system variables:

Authentication Plugins

MariaDB Enterprise Server uses authentication plugins to support different authentication methods. The default authentication plugin is mysql_native_password.