授权给用户较弱的密码
mysql> GRANT ALL PRIVILEGES ON *.* TO root@'localhost' IDENTIFIED BY '123@com';
提示报错
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
-- 错误1819(HY000):您的密码不符合当前的策略要求
修复-MySQL错误1819(HY000):您的密码不符合当前的策略要求
1.查询当前的密码策略级别
在新版Mysql中加入了validate_password插件用于测试密码并提高安全性;这会影响ALTER USER, CREATE USER, GRANT,和 SET PASSWORD语句。
首先,我们需要找到当前的密码策略级别
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.01 sec)
#参数说明:
validate_password_check_user_name :用户名检测,默认关闭
validate_password_dictionary_file :字典文件,就是要在字典规则里才能满足密码的条件。
validate_password_length :密码的长度至少为8位
validate_password_mixed_case_count :密码中至少有一个大写小字母
validate_password_number_count :密码中至少一个数字
validate_password_special_char_count :密码中至少一个特殊字符
validate_password_policy :密码的安全策略
validate_password_policy 参数可选值:MEDIUM或者0 、LOW或者1、STRONG或者2
LOW :策略仅测试密码长度。密码长度必须至少为8个字符。
MEDIUM :策略添加了密码必须至少包含1个数字字符,1个小写字符,1个大写字符和1个特殊(非字母数字)字符的条件。
STRONG :策略添加了长度为4或更长的密码子字符串不能匹配字典文件中的字词(如果已经指定)的条件。
所以最终的密码设置策略就是:不得低于8位,而且必须至少有一个大写和一个小写字母、至少一个数字和至少的一个特殊字符组成;
最基本的规则:大写+小写+特殊字符+数字组成的8位以上密码
2.更改MySQL中的密码验证策略
mysql> SET GLOBAL validate_password_policy = 0;
Query OK, 0 rows affected (0.00 sec)
-- 或
mysql> SET GLOBAL validate_password_policy=LOW;
Query OK, 0 rows affected (0.00 sec)
#检查密码策略是否已更改为低
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | LOW |
| validate_password_special_char_count | 1 |
+--------------------------------------+-------+
7 rows in set (0.00 sec)
#现在可以授权给用户或创建用户弱密码
mysql> GRANT ALL PRIVILEGES ON *.* TO zzc@'172.16.1.7' IDENTIFIED BY '12345678';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> CREATE USER zzc@'172.16.1.7' IDENTIFIED BY '12345678';
Query OK, 0 rows affected (0.00 sec)
#提示报错,超过密码策略的长度
mysql> GRANT ALL PRIVILEGES ON *.* TO zzc@'172.16.1.7' IDENTIFIED BY '12345';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
#修改密码策略长度
mysql> -- 设置密码长度最低为5位
mysql> SET GLOBAL validate_password_length=5;
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 5 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
#修改成功
mysql> GRANT ALL PRIVILEGES ON *.* TO zzc@'172.16.1.7' IDENTIFIED BY '12345';
Query OK, 0 rows affected, 1 warning (0.00 sec)
#恢复到中级策略,执行以下命令
mysql> SET GLOBAL validate_password_policy = 1;
Query OK, 0 rows affected (0.00 sec)
-- 或
mysql> SET GLOBAL validate_password_policy=MEDIUM;
Query OK, 0 rows affected (0.00 sec)