password_reuse_check Plugin

Overview

Prevent password reuse

See also: Plugins in 10.6 ES, in 10.5 ES, and in 10.4 ES

DETAILS

This plugin prevents a user from setting a password that was previously set for that user. It does not prevent multiple users from setting the same password.

The plugin only affects a SQL statement that sets a user password using a literal password string. It cannot check the password of a SQL statement that makes use of a hashed password value.

The plugin uses password history records stored in the password_reuse_check_history system table. Each row in the table stores a cryptographic hash and a date. The hashed data includes information about the affected user and the password that is being set. Because the hash is one-way, the stored data cannot be used to recover prior password values or to determine which user a historical record is associated with.

The length of time that historical records are kept is controlled by the password_reuse_check_interval system variable, which can be set to a number of days to use as the expiration period, or to 0 to indicate that the records do not expire. By default, the records never expire.
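The behaviour described above can be checked on a scratch server with a short SQL session. This is an added example, not part of the original page: the account name, passwords and 180-day interval are constructed, and the mysql schema for the history table and the strict_password_validation check are assumptions not stated on this page.

```sql
-- Added walk-through for a scratch server.
-- Account name, passwords and interval are constructed values.

-- 1. Load the plugin and confirm it is active.
INSTALL SONAME 'password_reuse_check';
SELECT plugin_name, plugin_status, plugin_maturity
  FROM information_schema.plugins
 WHERE plugin_name = 'password_reuse_check';

-- 2. Keep history records for 180 days.
--    0 (the default) means the records never expire.
SET GLOBAL password_reuse_check_interval = 180;
SHOW GLOBAL VARIABLES LIKE 'password_reuse_check_interval';

-- 3. Literal passwords are checked and recorded in the history.
CREATE USER 'reuse_demo'@'localhost' IDENTIFIED BY 'Constructed-Pass-One#1';
ALTER USER  'reuse_demo'@'localhost' IDENTIFIED BY 'Constructed-Pass-Two#2';

-- 4. Returning to the first password is a reuse for this user;
--    the plugin is expected to reject this statement.
ALTER USER  'reuse_demo'@'localhost' IDENTIFIED BY 'Constructed-Pass-One#1';

-- 5. The history holds only a one-way hash and a date per row, so it
--    cannot be audited per user; a row count is what can be monitored.
--    (Assumption: the system table lives in the mysql schema.)
SELECT COUNT(*) AS history_rows
  FROM mysql.password_reuse_check_history;

-- 6. Statements that supply a pre-hashed value cannot be checked by
--    this plugin. strict_password_validation (not mentioned on this
--    page) controls whether the server rejects such statements while
--    a password validation plugin is loaded; confirm that it is ON.
SHOW GLOBAL VARIABLES LIKE 'strict_password_validation';

-- Cleanup of the constructed account.
DROP USER 'reuse_demo'@'localhost';
```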

PARAMETERS

Property        Value
Type            PASSWORD VALIDATION
Maturity        Gamma
Version         1.0
Auth Version    1.0

SKYSQL

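Cloud   SkySQL Topology             ES Ver   Plugin Present?
AWS     Multi-Node Analytics        10.6     No
AWS     Single Node Analytics       10.6     No
AWS     Replicated Transactions     10.4     No
AWS     Replicated Transactions     10.5     No
AWS     Replicated Transactions     10.6     No
AWS     Single Node Transactions    10.4     No
AWS     Single Node Transactions    10.5     No
AWS     Single Node Transactions    10.6     No
GCP     Multi-Node Analytics        10.6     No
GCP     Single Node Analytics       10.6     No
GCP     Replicated Transactions     10.4     No
GCP     Replicated Transactions     10.5     No
GCP     Replicated Transactions     10.6     No
GCP     Single Node Transactions    10.4     No
GCP     Single Node Transactions    10.5     No
GCP     Single Node Transactions    10.6     No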

CHANGE HISTORY

Release Series     History
10.6 Enterprise    Added in MariaDB Enterprise Server 10.6.8-4.
10.5 Enterprise    Added in MariaDB Community Server 10.5.16-11.
10.4 Enterprise    Added in MariaDB Community Server 10.4.25-16.

EXTERNAL REFERENCES