Updated on 2022-08-16 GMT+08:00

How Do I Configure a Password Expiration Policy for RDS for MySQL DB Instances?

In MySQL 5.7 and 8.0, you can set the global variable default_password_lifetime to control the default validity period of a user password.

The value of default_password_lifetime is the number of days after which a password expires. The default value is 0, which means that user passwords never expire.

Changing the Global Automatic Password Expiration Policy

  • Change the value of the default_password_lifetime parameter on the RDS console.
  • Run the following command to change the value of default_password_lifetime:

    mysql> set global default_password_lifetime=0;

Checking the Password Expiration Date of All Users

Run the following command:

mysql> select user,host,password_expired,password_last_changed,password_lifetime from mysql.user;

Checking the Password Expiration Policy of a Specified User

Run the following command:

mysql> show create user jeffrey@'localhost';

In the command output, EXPIRE DEFAULT indicates that the password follows the global expiration policy.

Configuring the Password Expiration Policy for a Specified User

  • Configuring the password expiration policy during user creation

    create user 'script'@'localhost' identified by '*********' password expire interval 90 day;

  • Configuring the password expiration policy after user creation

    ALTER USER 'script'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;

  • Setting the password to be permanently valid

    mysql> CREATE USER 'mike'@'%' PASSWORD EXPIRE NEVER;

    mysql> ALTER USER 'mike'@'%' PASSWORD EXPIRE NEVER;

  • Setting the password to follow the global expiration policy

    mysql> CREATE USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;

    mysql> ALTER USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;
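
The columns returned by the all-users query above can be combined with the global variable to show which policy each account follows and when its password actually expires. The query below is an added example, not part of the original guide; it assumes the standard mysql.user semantics (a NULL password_lifetime means EXPIRE DEFAULT, 0 means EXPIRE NEVER) and an account that is allowed to read mysql.user.

```sql
-- Added example: effective password expiry for every account.
-- Assumed mysql.user semantics in MySQL 5.7 and 8.0:
--   password_lifetime IS NULL -> account follows default_password_lifetime
--   password_lifetime = 0     -> PASSWORD EXPIRE NEVER
--   password_lifetime = N     -> PASSWORD EXPIRE INTERVAL N DAY
SELECT
    t.user,
    t.host,
    t.password_expired,                              -- 'Y' = already flagged as expired
    t.policy,
    t.effective_days,                                -- 0 = never expires
    t.password_last_changed,
    t.expires_at,                                    -- NULL = never expires
    DATEDIFF(t.expires_at, NOW()) AS days_left       -- negative = past due
FROM (
    SELECT
        user,
        host,
        password_expired,
        password_last_changed,
        CASE
            WHEN password_lifetime IS NULL THEN 'EXPIRE DEFAULT'
            WHEN password_lifetime = 0     THEN 'EXPIRE NEVER'
            ELSE CONCAT('EXPIRE INTERVAL ', password_lifetime, ' DAY')
        END AS policy,
        -- Per-account setting wins; otherwise fall back to the global value.
        COALESCE(password_lifetime, @@global.default_password_lifetime) AS effective_days,
        CASE
            WHEN COALESCE(password_lifetime, @@global.default_password_lifetime) = 0
                THEN NULL
            ELSE password_last_changed
                 + INTERVAL COALESCE(password_lifetime, @@global.default_password_lifetime) DAY
        END AS expires_at
    FROM mysql.user
) AS t
-- Soonest expiry first; accounts whose passwords never expire are listed last.
ORDER BY t.expires_at IS NULL, t.expires_at;
```

Rows with policy EXPIRE NEVER, or EXPIRE DEFAULT while default_password_lifetime is 0, are the accounts whose passwords are never rotated by the server.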