Help Center/ TaurusDB/ FAQs/ Database Parameter Modification/ How Do I Configure a Password Expiration Policy for GaussDB(for MySQL) Instances?
Updated on 2024-09-05 GMT+08:00

How Do I Configure a Password Expiration Policy for GaussDB(for MySQL) Instances?

In GaussDB(for MySQL) 8.0, you can set the global variable default_password_lifetime to control the default validity period of a user password.

The value of default_password_lifetime indicates how many days until a password expires. The default value is 0, indicating that the created user password will never expire.

Changing the Global Automatic Password Expiration Policy

You can change the global automatic password expiration policy in either of the following ways:

  • Change the value of default_password_lifetime on the GaussDB(for MySQL) console.
    1. Log in to the management console.
    2. Click in the upper left corner and select a region and project.
    3. Click in the upper left corner of the page, choose Databases > GaussDB(for MySQL).
    4. On the Instances page, click the instance name.
    5. In the navigation pane, choose Parameters.
    6. Search for default_password_lifetime in the search box.

    7. Change its value and click Save.
    8. In the displayed dialog box, click Yes.
  • Run the following command to change the value of default_password_lifetime:

    set global default_password_lifetime=0;

Checking the Password Expiration Date of All Users

Run the following command:

select user,host,password_expired,password_last_changed,password_lifetime from user;

Checking the Password Expiration Policy of a Specified User

Run the following command:

show create user jeffrey@'localhost';

EXPIRE DEFAULT indicates that the password follows the global expiration policy.

Configuring the Password Expiration Policy for a Specified User

  • Configuring the password expiration policy during user creation

    create user 'script'@'localhost' identified by '*********' password expire interval 90 day;

  • Configuring the password expiration policy after user creation

    ALTER USER 'script'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;

  • Setting the password to be permanently valid

    CREATE USER 'mike'@'%' PASSWORD EXPIRE NEVER;

    ALTER USER 'mike'@'%' PASSWORD EXPIRE NEVER;

  • Setting the password to follow the global expiration policy

    CREATE USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;

    ALTER USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;