Activate validate_password Plugin

Recently i encounter an uprising among PHP Developers that , they must write a script additionally checking the strength of MySQL user password at creation time. So, just for note that there is ready to use plugin in MySQL named: validate_password.so The file location is default in plugin_dir in Linux:

mysql> select @@plugin_dir; 
+--------------------------+ 
| @@plugin_dir | 
+--------------------------+ 
| /usr/lib64/mysql/plugin/ | 
+--------------------------+ 
1 row in set (0,00 sec) 

List this directory:

[root@linuxsrv3 plugin]# ls 
adt_null.so auth_test_plugin.so innodb_engine.so mypluglib.so qa_auth_server.so validate_password.so auth.so daemon_example.ini libdaemon_example.so qa_auth_client.so semisync_master.so auth_socket.so debug libmemcached.so qa_auth_interface.so semisync_slave.so

As you see there is a validate_password.so. So what is the defaults of this plugin and how it works? In General if this plugin activated, User will only be able to create passwords with following specifications: 1. Greater or equal to 8 char length. 2. At least 1 number 3. At least 1 non-letter non-number (eg. #, % ,!) 4. At least 1 Upper case letter So the sample password will be: “Sh@rkp45!” or something similar. All weak passwords such as “12345” , “acbsg54” will not allowed to create:

mysql> create user "nc"@"%" identified by '12345'; 
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements 

Question is, will i be able to connect with already created user before activating plugin? Answer is: YES. So how to activate plugin. Simply add this to my.cnf file under [mysqld] catalog:

    # Password Validation # 

    plugin-load=validate_password.so 
    validate-password=FORCE_PLUS_PERMANENT 

Restart Server. And that’s all. Force + Permanent will guarantee that plugin can not be disabled at run time or while running MySQL. If you want to change default values for this plugin Read documentation: Validate Password Plugin

Author: Shahriyar Rzayev

Azerbaijan MySQL User Group leader.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s