The simple_password_check
plugin was first released in MariaDB 10.1.2.
simple_password_check
is a password validation plugin. It can check whether a password contains at least a certain number of characters of a specific type. When first installed, a password is required to be at least eight characters, and requires at least one digit, one uppercase character, one lowercase character, and one character that is neither a digit nor a letter.
Note that passwords can be directly set as a hash, bypassing the password validation, if the strict_password_validation variable is OFF
(it is ON
by default).
Although the plugin's shared library is distributed with MariaDB by default, the plugin is not actually installed by MariaDB by default. There are two methods that can be used to install the plugin with MariaDB.
The first method can be used to install the plugin without restarting the server. You can install the plugin dynamically by executing INSTALL SONAME
or INSTALL PLUGIN
. For example:
INSTALL SONAME 'simple_password_check';
The second method can be used to tell the server to load the plugin when it starts up. The plugin can be installed this way by providing the --plugin-load
or the --plugin-load-add
options. This can be specified as a command-line argument to mysqld
or it can be specified in a relevant server option group in an option file. For example:
[mariadb] ... plugin_load_add = simple_password_check
You can uninstall the plugin dynamically by executing UNINSTALL SONAME
or UNINSTALL PLUGIN
. For example:
UNINSTALL SONAME 'simple_password_check';
If you installed the plugin by providing the --plugin-load
or the --plugin-load-add
options in a relevant server option group in an option file, then those options should be removed to prevent the plugin from being loaded the next time the server is restarted.
When creating a new password, if the criteria are not met, the following error is returned:
SET PASSWORD FOR 'bob'@'%.loc.gov' = PASSWORD('abc'); ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
Prior to MariaDB 10.4.0, all password validation plugins are incompatible with the pam
authentication plugin. See Authentication Plugin - PAM: Conflicts with Password Validation for more information.
Version | Status | Introduced |
---|---|---|
1.0 | Stable | MariaDB 10.1.18 |
1.0 | Gamma | MariaDB 10.1.13 |
1.0 | Beta | MariaDB 10.1.11 |
1.0 | Alpha | MariaDB 10.1.2 |
simple_password_check_digits
--simple-password-check-digits=#
numeric
1
0
to 1000
simple_password_check_letters_same_case
--simple-password-check-letters-same-case=#
numeric
1
0
to 1000
simple_password_check_minimal_length
--simple-password-check-minimal-length=#
numeric
8
0
to 1000
simple_password_check_other_characters
--simple-password-check-other-characters=#
numeric
1
0
to 1000
simple_password_check
OFF
- Disables the plugin without removing it from the mysql.plugins
table. ON
- Enables the plugin. If the plugin cannot be initialized, then the server will still continue starting up, but the plugin will be disabled. FORCE
- Enables the plugin. If the plugin cannot be initialized, then the server will fail to start with an error. FORCE_PLUS_PERMANENT
- Enables the plugin. If the plugin cannot be initialized, then the server will fail to start with an error. In addition, the plugin cannot be uninstalled with UNINSTALL SONAME
or UNINSTALL PLUGIN
while the server is running. --simple-password-check=value
enumerated
ON
OFF
, ON
, FORCE
, FORCE_PLUS_PERMANENT
© 2019 MariaDB
Licensed under the Creative Commons Attribution 3.0 Unported License and the GNU Free Documentation License.
https://mariadb.com/kb/en/simple_password_check/