I’ve previously noted my wish to have a comprehensive password policy in MySQL Server. MySQL Server 5.7.4 takes a significant step towards this goal by adding native support for enforcing password lifetime policy. This complements the validate_password plugin introduced in MySQL Server 5.6, which helps ensure adequate password complexity, and builds on the password expiration mechanism also introduced in MySQL Server 5.6. This new feature has a new documentation page, and is covered in the MySQL Server 5.7.4 change logs, which state:
MySQL now enables database administrators to establish a policy for automatic password expiration: Any user who connects to the server using an account for which the password is past its permitted lifetime must change the password.
Good stuff – let’s look at it in some detail. Continue reading Password expiration policy in MySQL Server 5.7