MySQL supports locking and unlocking user accounts using the MySQL支持使用ACCOUNT LOCK and ACCOUNT UNLOCK clauses for the CREATE USER and ALTER USER statements:CREATE USER和ALTER USER语句的ACCOUNT LOCK和ACCOUNT UNLOCK子句锁定和解锁用户帐户:
When used with 当与CREATE USER, these clauses specify the initial locking state for a new account. CREATE USER一起使用时,这些子句指定新帐户的初始锁定状态。In the absence of either clause, the account is created in an unlocked state.如果没有任何一个子句,则帐户将以解锁状态创建。
If the 如果启用了validate_password component is enabled, creating an account without a password is not permitted, even if the account is locked. See Section 6.4.3, “The Password Validation Component”.validate_password组件,则不允许创建没有密码的帐户,即使帐户已锁定。请参阅第6.4.3节,“密码验证组件”。
When used with 当与ALTER USER, these clauses specify the new locking state for an existing account. ALTER USER一起使用时,这些子句指定现有帐户的新锁定状态。In the absence of either clause, the account locking state remains unchanged.在没有任何子句的情况下,帐户锁定状态保持不变。
As of MySQL 8.0.19, 从MySQL 8.0.19开始,使用ALTER USER ... UNLOCK unlocks any account named by the statement that is temporarily locked due to too many failed logins. See Section 6.2.15, “Password Management”.ALTER USER ... UNLOCK解锁由语句命名的任何帐户,该帐户因登录失败次数过多而暂时锁定。请参阅第6.2.15节,“密码管理”。
Account locking state is recorded in the 帐户锁定状态记录在account_locked column of the mysql.user system table. mysql.user系统表的account_locked列中。The output from SHOW CREATE USER indicates whether an account is locked or unlocked.SHOW CREATE USER的输出指示帐户是锁定还是解锁。
If a client attempts to connect to a locked account, the attempt fails. 如果客户端尝试连接到锁定的帐户,则尝试失败。The server increments the 服务器递增Locked_connects status variable that indicates the number of attempts to connect to a locked account, returns an ER_ACCOUNT_HAS_BEEN_LOCKED error, and writes a message to the error log:Locked_connects状态变量,该变量指示连接到锁定帐户的尝试次数,返回ER_ACCOUNT_HAS_BEEN_LOCKED错误,并将消息写入错误日志:
Access denied for user 'user_name'@'host_name'. Account is locked.
Locking an account does not affect being able to connect using a proxy user that assumes the identity of the locked account. 锁定帐户不会影响使用假定锁定帐户身份的代理用户进行连接。It also does not affect the ability to execute stored programs or views that have a 它也不会影响执行具有命名锁定帐户的DEFINER attribute naming the locked account. That is, the ability to use a proxied account or stored programs or views is not affected by locking the account.DEFINER属性的存储程序或视图的能力。也就是说,锁定帐户不会影响使用代理帐户或存储程序或视图的能力。
The account-locking capability depends on the presence of the 帐户锁定功能取决于account_locked column in the mysql.user system table.mysql.user系统表中是否存在account_locked列。 For upgrades from MySQL versions older than 5.7.6, perform the MySQL upgrade procedure to ensure that this column exists. 对于从5.7.6之前的MySQL版本升级,请执行MySQL升级过程以确保此列存在。See Section 2.11, “Upgrading MySQL”. 请参阅第2.11节,“升级MySQL”。For nonupgraded installations that have no 对于没有account_locked column, the server treats all accounts as unlocked, and using the ACCOUNT LOCK or ACCOUNT UNLOCK clauses produces an error.account_locked列的未升级安装,服务器将所有帐户视为已解锁,使用ACCOUNT LOCK或ACCOUNT UNLOCK子句会产生错误。