MariaDB starting with 10.1.2

The simple_password_check plugin was introduced in MariaDB 10.1.2

To enable it, run:

INSTALL SONAME 'simple_password_check';

simple_password_check is a password validation plugin. It can check whether a password contains at least a certain number of characters of a specific type. When first installed, a password is required to be at least eight characters, and requires at least one digit, one uppercase character, one lowercase character, and one character that is neither a digit nor a letter.

Versions

VersionStatusIntroduced
1.0StableMariaDB 10.1.18
1.0GammaMariaDB 10.1.13
1.0BetaMariaDB 10.1.11
1.0AlphaMariaDB 10.1.2

Variables

These settings can be configured using the following variables:

simple_password_check_digits

  • Description: A password must contain at least this many digits.
  • Commandline: --simple-password-check-digits=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 1
  • Range: 0 to 1000
  • Introduced: MariaDB 10.1.2

simple_password_check_letters_same_case

  • Description: A password must contain at least this many upper-case and this many lower-case letters.
  • Commandline: --simple-password-check-letters-same-case=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 1
  • Range: 0 to 1000
  • Introduced: MariaDB 10.1.2

simple_password_check_minimal_length

  • Description: A password must contain at least this many characters.
  • Commandline: --simple-password-check-minimal-length=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 8
  • Range: 0 to 1000
  • Introduced: MariaDB 10.1.2

simple_password_check_other_characters

  • Description: A password must contain at least this many characters that are neither digits nor letters.
  • Commandline: --simple-password-check-other-characters=#
  • Scope: Global
  • Dynamic: Yes
  • Data Type: numeric
  • Default Value: 1
  • Range: 0 to 1000
  • Introduced: MariaDB 10.1.2

These variables can be set on the command line or from the my.cnf file. They can also be modified with the SQL SET GLOBAL statement.

Note that passwords can be directly set as a hash, bypassing the password validation, if the strict_password_validation variable is OFF (it is ON by default).

Example

When creating a new password, if the criteria are not met, the following error is returned:

SET PASSWORD FOR 'bob'@'%.loc.gov' = PASSWORD('abc');
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

See also

Comments

Comments loading...