Help Center> Relational Database Service> User Guide (Ankara Region)> FAQs> Database Parameter Modification> How Do I Configure a Password Expiration Policy for RDS for MySQL DB Instances?
Updated on 2024-04-11 GMT+08:00

How Do I Configure a Password Expiration Policy for RDS for MySQL DB Instances?

In MySQL 5.6, you can run ALTER USER username PASSWORD EXPIRE to set the password expiration policy.

In MySQL 5.7 and 8.0, you can set the global variable default_password_lifetime to control the default validity period of a user password.

The value of default_password_lifetime indicates how many days until a password expires. The default value is 0, indicating that the created user password will never expire.

Changing the Global Automatic Password Expiration Policy

Change the value of the default_password_lifetime parameter on the RDS console.

Checking the Password Expiration Date of All Users

Run the following command:

mysql> select user,host,password_expired,password_last_changed,password_lifetime from user;

Checking the Password Expiration Policy of a Specified User

Run the following command:

mysql> show create user jeffrey@'localhost';

EXPIRE DEFAULT indicates that the password follows the global expiration policy.

Configuring the Password Expiration Policy for a Specified User

  • Configuring the password expiration policy during user creation

    create user 'script'@'localhost' identified by '*********' password expire interval 90 day;

  • Configuring the password expiration policy after user creation

    ALTER USER 'script'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;

  • Setting the password to be permanently valid

    CREATE USER 'mike'@'%' PASSWORD EXPIRE NEVER;

    ALTER USER 'mike'@'%' PASSWORD EXPIRE NEVER;

  • Setting the password to follow the global expiration policy

    CREATE USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;

    ALTER USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;