How Do I Configure a Password Expiration Policy for RDS for MySQL DB Instances?
In MySQL 5.6, you can run ALTER USER username PASSWORD EXPIRE to set the password expiration policy.
In MySQL 5.7 and 8.0, you can set the global variable default_password_lifetime to control the default validity period of a user password.
The value of default_password_lifetime indicates how many days until a password expires. The default value is 0, indicating that the created user password will never expire.
Changing the Global Automatic Password Expiration Policy
Change the value of the default_password_lifetime parameter on the RDS console.
Checking the Password Expiration Date of All Users
Run the following command:
mysql> select user,host,password_expired,password_last_changed,password_lifetime from user;
Checking the Password Expiration Policy of a Specified User
Run the following command:
mysql> show create user jeffrey@'localhost';
EXPIRE DEFAULT indicates that the password follows the global expiration policy.
Configuring the Password Expiration Policy for a Specified User
- Configuring the password expiration policy during user creation
create user 'script'@'localhost' identified by '*********' password expire interval 90 day;
- Configuring the password expiration policy after user creation
ALTER USER 'script'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;
- Setting the password to be permanently valid
CREATE USER 'mike'@'%' PASSWORD EXPIRE NEVER;
ALTER USER 'mike'@'%' PASSWORD EXPIRE NEVER;
- Setting the password to follow the global expiration policy
CREATE USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;
ALTER USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
