查看插件:
mysql> show plugins; mysql> select plugin_name,plugin_status,plugin_type,load_option,plugin_library from information_schema.plugins;默认插件目录:
mysql> show variables like 'plugin_dir'; +---------------+------------------------+ | Variable_name | Value | +---------------+------------------------+ | plugin_dir | D:\mysql57\lib\plugin\ | +---------------+------------------------+配置文件中更改插件目录:
[mysqld] plugin_dir="D:/mysql57/lib/plugin/"
插件目录中有较多插件,这是windows中的个数。接下来将安装密码策略的插件 validate_password.dll。
方法一:启动服务时添加
# mysqld --plugin-load="validate_password.dll" --validate-password=FORCE_PLUS_PERMANENT --plugin-load :服务启动时重新加载插件 --plugin-load-add :对当前插件的补充 -early-plugin-load :加载在初始化插件及存储引擎之前的插件 --plugin-load=x --plugin-load-add=y 等价于 --plugin-load="x;y" --plugin-load-add=y --plugin-load=x 等价于 --plugin-load=x
方法二:配置文件中添加(一般不用方法一),随服务启动生效。
[mysqld] plugin-load=validate_password.dll validate-password = FORCE_PLUS_PERMANENT # validate-password =ON/OFF/FORCE/FORCE_PLUS_PERMANENT: 是否使用该插件(及强制/永久强制使用)
方法三:在线添加(如不打算重启服务,可同时使用方法二和方法三)
#在线添加 mysql> INSTALL PLUGIN validate_password SONAME 'validate_password.dll'; #在线卸载 mysql> UNINSTALL PLUGIN validate_password;部分插件安装结果(第一行记录为刚才安装的):
+----------------------------+---------------+--------------------+----------------------+-----------------------+ | plugin_name | plugin_status | plugin_type | load_option | plugin_library | +----------------------------+---------------+--------------------+----------------------+-----------------------+ | validate_password | ACTIVE | VALIDATE PASSWORD | FORCE_PLUS_PERMANENT | validate_password.dll | | sha256_password | ACTIVE | AUTHENTICATION | FORCE | NULL | | PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | FORCE | NULL | | partition | ACTIVE | STORAGE ENGINE | ON | NULL | | ngram | ACTIVE | FTPARSER | ON | NULL | | mysql_native_password | ACTIVE | AUTHENTICATION | FORCE | NULL | | MyISAM | ACTIVE | STORAGE ENGINE | FORCE | NULL |查看插件 validate_password 相关变量:
mysql> show global variables like '%validate_password%'; +--------------------------------------+--------+ | Variable_name | Value | +--------------------------------------+--------+ | validate_password_dictionary_file | | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | MEDIUM | | validate_password_special_char_count | 1 | +--------------------------------------+--------+validate_password_dictionary_file :验证密码的字典文件,与之相同的不可使用
validate_password_length :密码最少长度
validate_password_number_count :最少数字字符数
validate_password_mixed_case_count :最少大写和小写字符数(同时有大写和小写)
validate_password_special_char_count :最少特殊字符数
validate_password_policy :密码安全策略:
0/LOW:只限长度,
1/MEDIUM:限制长度、数字、字母、特殊字符
2/STRONG:限制长度、数字、字母、特殊字符、字典
查看插件 validate_password 相关状态:
mysql> SHOW STATUS LIKE 'validate_password%'; +-----------------------------------------------+---------------------+ | Variable_name | Value | +-----------------------------------------------+---------------------+ | validate_password_dictionary_file_last_parsed | 2018-03-05 12:13:06 | | validate_password_dictionary_file_words_count | 0 | +-----------------------------------------------+---------------------+validate_password_dictionary_file_last_parsed :字典文件最近读取时间
validate_password_dictionary_file_words_count :从字典文件的单词数
测试(当前默认策略:validate_password_policy=MEDIUM)
mysql> create user test@'localhost' identified by '12345678'; ERROR 1819 (HY000): Your password does not satisfy the current policy requirements mysql> create user test@'localhost' identified by 'Aa_12345'; Query OK, 0 rows affected (0.03 sec)
validate_password_dictionary_file 字典文件可以排除关键字,如不允许密码中使用文件中的字符串。
字典文件满足以下条件:
1. 密码策略为:STRONG 2. 文件中的字符串每行一个 3. 文件中符串每为小写,不区分大小写 4. 文件最大为 1MB 5. 文件字符集为utf8 6. 随时修改不用重启服务 7. 文件可读配置文件内容:D:/mysql57/lib/plugin/dictionary_file
12345 aa_12345在线更改变量:
mysql> set global validate_password_dictionary_file = "D:/mysql57/lib/plugin/dictionary_file"; mysql> set global validate_password_policy = STRONG;
在线更改变量有一个 bug,由于缓存不自动刷新原因,字典文件对于已经存在的插件缓存不会变,所以在线更改上面两个变量虽然可以更改,但不会刷新缓存(Bug #66697:need ability to flush password validation dictionary file) 。因此在配置文件中设置,并且重启服务重新加载插件。
plugin-load=validate_password.dll validate-password = FORCE_PLUS_PERMANENT validate_password_dictionary_file = "D:/mysql57/lib/plugin/dictionary_file" validate_password_policy = STRONG测试结果:
mysql> show global variables like '%validate_password%'; +--------------------------------------+---------------------------------------+ | Variable_name | Value | +--------------------------------------+---------------------------------------+ | validate_password_dictionary_file | D:/mysql57/lib/plugin/dictionary_file | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | STRONG | | validate_password_special_char_count | 1 | +--------------------------------------+---------------------------------------+ 6 rows in set, 1 warning (0.00 sec) mysql> create user test@'localhost' identified by 'Aa_12346'; Query OK, 0 rows affected (0.07 sec) mysql> create user test1@'localhost' identified by 'Aa_12345'; ERROR 1819 (HY000): Your password does not satisfy the current policy requirements mysql>使用密码 “Aa_12346” 不会报错,而使用密码 “Aa_12345”则出现错误,因为该密码与字典文件中的 “aa_12345”一样。
参考:MySQL Server Plugins 、The Password Validation Plugin