Help Center/ Relational Database Service/ FAQs/ Database Parameter Modification/ How Do I Configure a Password Expiration Policy for My RDS for MySQL Instance?
Updated on 2024-10-08 GMT+08:00

How Do I Configure a Password Expiration Policy for My RDS for MySQL Instance?

In MySQL 5.6, you can run ALTER USER *** PASSWORD EXPIRE to set the password expiration policy.

In MySQL 5.7 and 8.0, you can set the global variable default_password_lifetime to control the default validity period of a user password.

The value of default_password_lifetime indicates how many days until a password expires. The default value is 0, indicating that the created user password will never expire.

Changing the Global Automatic Password Expiration Policy

Change the value of the default_password_lifetime parameter on the RDS console. For operation details, see Modifying Parameters.

Checking the Password Expiration Date of All Users

Run the following command:

mysql> select user,host,password_expired,password_last_changed,password_lifetime from user;

Checking the Password Expiration Policy of a Specified User

Run the following command:

mysql> show create user jeffrey@'localhost';

EXPIRE DEFAULT indicates that the password follows the global expiration policy.

Configuring the Password Expiration Policy for a Specified User

  • Configuring the password expiration policy during user creation

    create user 'script'@'localhost' identified by '*********' password expire interval 90 day;

  • Configuring the password expiration policy after user creation

    ALTER USER 'script'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;

  • Setting the password to be permanently valid

    CREATE USER 'mike'@'%' PASSWORD EXPIRE NEVER;

    ALTER USER 'mike'@'%' PASSWORD EXPIRE NEVER;

  • Setting the password to follow the global expiration policy

    CREATE USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;

    ALTER USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;