Help Center/ Relational Database Service/ User Guide (Kuala Lumpur Region)/ FAQs/ Database Parameter Modification/ How Do I Configure a Password Expiration Policy for RDS for MySQL DB Instances?
Updated on 2022-08-16 GMT+08:00

How Do I Configure a Password Expiration Policy for RDS for MySQL DB Instances?

In MySQL 5.7 and 8.0, you can set the global variable default_password_lifetime to control the default validity period of a user password.

The value of default_password_lifetime indicates how many days until a password expires. The default value is 0, indicating that the created user password will never expire.

Changing the Global Automatic Password Expiration Policy

  • Change the value of the default_password_lifetime parameter on the RDS console.
  • Run the following command to change the value of default_password_lifetime:

    mysql> set global default_password_lifetime=0;

Checking the Password Expiration Date of All Users

Run the following command:

mysql> select user,host,password_expired,password_last_changed,password_lifetime from user;

Checking the Password Expiration Policy of a Specified User

Run the following command:

mysql> show create user jeffrey@'localhost';

EXPIRE DEFAULT indicates that the password follows the global expiration policy.

Configuring the Password Expiration Policy for a Specified User

  • Configuring the password expiration policy during user creation

    create user 'script'@'localhost' identified by '*********' password expire interval 90 day;

  • Configuring the password expiration policy after user creation

    ALTER USER 'script'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;

  • Setting the password to be permanently valid

    mysql> CREATE USER 'mike'@'%' PASSWORD EXPIRE NEVER;

    mysql> ALTER USER 'mike'@'%' PASSWORD EXPIRE NEVER;

  • Setting the password to follow the global expiration policy

    mysql> CREATE USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;

    mysql> ALTER USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;