This section describes the system and status variables that 本节介绍validate_password provides to enable its operation to be configured and monitored.validate_password提供的系统和状态变量,以配置和监视其操作。
If the 如果启用了validate_password component is enabled, it exposes several system variables that enable configuration of password checking:validate_password组件,它将公开几个系统变量,以启用密码检查的配置:
mysql> SHOW VARIABLES LIKE 'validate_password.%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+
To change how passwords are checked, you can set these system variables at server startup or at runtime. The following list describes the meaning of each variable.要更改密码的检查方式,您可以在服务器启动或运行时设置这些系统变量。以下列表描述了每个变量的含义。
validate_password.check_user_name
| Command-Line Format | --validate-password.check-user-name[={OFF|ON}] |
|---|---|
| System Variable | validate_password.check_user_name |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Boolean |
| Default Value | ON |
Whether validate_password compares passwords to the user name part of the effective user account for the current session and rejects them if they match. This variable is unavailable unless validate_password is installed.validate_password是否将密码与当前会话的有效用户帐户的用户名部分进行比较,如果匹配则拒绝密码。除非安装了validate_password,否则此变量不可用。
By default, 默认情况下,validate_password.check_user_name is enabled. validate_password.check_user_name处于启用状态。This variable controls user name matching independent of the value of 此变量控制用户名匹配,与validate_password.policy.validate_password.policy的值无关。
When 启用validate_password.check_user_name is enabled, it has these effects:validate_password.check_user_name后,它具有以下效果:
Checking occurs in all contexts for which 检查发生在调用validate_password is invoked, which includes use of statements such as ALTER USER or SET PASSWORD to change the current user's password, and invocation of functions such as VALIDATE_PASSWORD_STRENGTH().validate_password的所有上下文中,包括使用ALTER USER或SET PASSWORD等语句更改当前用户的密码,以及调用VALIDATE_PASSWORD_STRENGTH()等函数。
The user names used for comparison are taken from the values of the 用于比较的用户名取自当前会话的USER() and CURRENT_USER() functions for the current session. USER()和CURRENT_USER()函数的值。An implication is that a user who has sufficient privileges to set another user's password can set the password to that user's name, and cannot set that user's password to the name of the user executing the statement. 这意味着,有足够权限设置另一个用户密码的用户可以将密码设置为该用户的名称,而不能将该用户的密码设置为执行语句的用户的名称。For example, 例如,'root'@'localhost' can set the password for 'jeffrey'@'localhost' to 'jeffrey', but cannot set the password to 'root.'root'@'localhost'可以将'jeffrey'@'localhost'的密码设置为'jeffrey',但不能将密码设置为'root'。
Only the user name part of the 仅使用USER() and CURRENT_USER() function values is used, not the host name part. If a user name is empty, no comparison occurs.USER()和CURRENT_USER()函数值的用户名部分,不使用主机名部分。如果用户名为空,则不会进行比较。
If a password is the same as the user name or its reverse, a match occurs and the password is rejected.如果密码与用户名相同或相反,则会发生匹配,密码将被拒绝。
User-name matching is case-sensitive. The password and user name values are compared as binary strings on a byte-by-byte basis.用户名匹配区分大小写。密码和用户名值作为二进制字符串逐字节进行比较。
If a password matches the user name, 如果密码与用户名匹配,则VALIDATE_PASSWORD_STRENGTH() returns 0 regardless of how other validate_password system variables are set.VALIDATE_PASSWORD_STRENGTH()返回0,而不管其他validate_password系统变量是如何设置的。
validate_password.dictionary_file
| Command-Line Format | --validate-password.dictionary-file=file_name |
|---|---|
| System Variable | validate_password.dictionary_file |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | File name |
The path name of the dictionary file that validate_password uses for checking passwords. This variable is unavailable unless validate_password is installed.validate_password用于检查密码的字典文件的路径名。除非安装了validate_password,否则此变量不可用。
By default, this variable has an empty value and dictionary checks are not performed. For dictionary checks to occur, the variable value must be nonempty. 默认情况下,此变量的值为空,不执行字典检查。为了进行字典检查,变量值必须非空。If the file is named as a relative path, it is interpreted relative to the server data directory. 如果文件被命名为相对路径,则它将相对于服务器数据目录进行解释。File contents should be lowercase, one word per line. 文件内容应小写,每行一个单词。Contents are treated as having a character set of 内容被视为具有utf8. The maximum permitted file size is 1MB.utf8字符集。允许的最大文件大小为1MB。
For the dictionary file to be used during password checking, the password policy must be set to 2 (对于要在密码检查期间使用的词典文件,密码策略必须设置为2(STRONG); see the description of the validate_password.policy system variable. STRONG);请参阅validate_password.policy系统变量的描述。Assuming that is true, each substring of the password of length 4 up to 100 is compared to the words in the dictionary file. Any match causes the password to be rejected. Comparisons are not case-sensitive.假设这是真的,将长度为4到100的密码的每个子字符串与字典文件中的单词进行比较。任何匹配都会导致密码被拒绝。比较不区分大小写。
For 对于VALIDATE_PASSWORD_STRENGTH(), the password is checked against all policies, including STRONG, so the strength assessment includes the dictionary check regardless of the validate_password.policy value.VALIDATE_PASSWORD_STRENGTH(),将根据所有策略(包括STRONG)检查密码,因此强度评估包括字典检查,而不管validate_password.policy值如何。
validate_password.dictionary_file can be set at runtime and assigning a value causes the named file to be read without a server restart.validate_password.dictionary_file可以在运行时设置,分配一个值会导致在不重新启动服务器的情况下读取命名文件。
| Command-Line Format | --validate-password.length=# |
|---|---|
| System Variable | validate_password.length |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Integer |
| Default Value | 8 |
| Minimum Value | 0 |
The minimum number of characters that validate_password requires passwords to have. This variable is unavailable unless validate_password is installed.validate_password要求密码具有的最小字符数。除非安装了validate_password,否则此变量不可用。
The validate_password.length minimum value is a function of several other related system variables. The value cannot be set less than the value of this expression:validate_password.length最小值是其他几个相关系统变量的函数。该值不能设置为小于此表达式的值:
validate_password.number_count + validate_password.special_char_count + (2 * validate_password.mixed_case_count)
If 如果validate_password adjusts the value of validate_password.length due to the preceding constraint, it writes a message to the error log.validate_password由于前面的约束而调整了validate_password.length的值,它会将一条消息写入错误日志。
validate_password.mixed_case_count
| Command-Line Format | --validate-password.mixed-case-count=# |
|---|---|
| System Variable | validate_password.mixed_case_count |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Integer |
| Default Value | 1 |
| Minimum Value | 0 |
The minimum number of lowercase and uppercase characters that 如果密码策略为validate_password requires passwords to have if the password policy is MEDIUM or stronger. This variable is unavailable unless validate_password is installed.MEDIUM或更高,则validate_password要求密码具有的最小小写和大写字符数。除非安装了validate_password,否则此变量不可用。
For a given 对于给定的validate_password.mixed_case_count value, the password must have that many lowercase characters, and that many uppercase characters.validate_password.mixed_case_count值,密码必须有那么多小写字符和那么多大写字符。
validate_password.number_count
| Command-Line Format | --validate-password.number-count=# |
|---|---|
| System Variable | validate_password.number_count |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Integer |
| Default Value | 1 |
| Minimum Value | 0 |
The minimum number of numeric (digit) characters that 如果密码策略为MEDIUM或更高,则validate_password requires passwords to have if the password policy is MEDIUM or stronger. validate_password要求密码具有的最小数字字符数。This variable is unavailable unless 除非安装了validate_password is installed.validate_password,否则此变量不可用。
| Command-Line Format | --validate-password.policy=value |
|---|---|
| System Variable | validate_password.policy |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Enumeration |
| Default Value | 1 |
| Valid Values |
|
The password policy enforced by 由validate_password. This variable is unavailable unless validate_password is installed.validate_password执行的密码策略。除非安装了validate_password,否则此变量不可用。
validate_password.policy affects how validate_password uses its other policy-setting system variables, except for checking passwords against user names, which is controlled independently by validate_password.check_user_name.validate_password.policy影响validate_password如何使用其其他策略设置系统变量,但根据用户名检查密码除外,这由validate_password.check_user_name独立控制。
The validate_password.policy value can be specified using numeric values 0, 1, 2, or the corresponding symbolic values LOW, MEDIUM, STRONG. validate_password.policy值可以使用数值0、1、2或相应的符号值LOW、MEDIUM、STRONG指定。The following table describes the tests performed for each policy. 下表描述了为每个策略执行的测试。For the length test, the required length is the value of the 对于长度测试,所需的长度是validate_password.length system variable. validate_password.length系统变量的值。Similarly, the required values for the other tests are given by other 同样,其他测试所需的值由其他validate_password. variables.xxxvalidate_password.xxx变量给出。
| Policy | Tests Performed |
|---|---|
0 or LOW | Length |
1 or MEDIUM | Length; numeric, lowercase/uppercase, and special characters |
2 or STRONG | Length; numeric, lowercase/uppercase, and special characters; dictionary file |
validate_password.special_char_count
| Command-Line Format | --validate-password.special-char-count=# |
|---|---|
| System Variable | validate_password.special_char_count |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Integer |
| Default Value | 1 |
| Minimum Value | 0 |
The minimum number of nonalphanumeric characters that 如果密码策略为MEDIUM或更高,则validate_password requires passwords to have if the password policy is MEDIUM or stronger. validate_password要求密码具有的非字母数字字符的最小数量。This variable is unavailable unless 除非安装了validate_password is installed.validate_password,否则此变量不可用。
If the 如果启用了validate_password component is enabled, it exposes status variables that provide operational information:validate_password组件,它将公开提供操作信息的状态变量:
mysql> SHOW STATUS LIKE 'validate_password.%';
+-----------------------------------------------+---------------------+
| Variable_name | Value |
+-----------------------------------------------+---------------------+
| validate_password.dictionary_file_last_parsed | 2019-10-03 08:33:49 |
| validate_password.dictionary_file_words_count | 1902 |
+-----------------------------------------------+---------------------+
The following list describes the meaning of each status variable.以下列表描述了每个状态变量的含义。
validate_password.dictionary_file_last_parsed
When the dictionary file was last parsed. This variable is unavailable unless 上次解析词典文件的时间。除非安装了validate_password is installed.validate_password,否则此变量不可用。
validate_password.dictionary_file_words_count
The number of words read from the dictionary file. This variable is unavailable unless 从词典文件中读取的单词数。除非安装了validate_password is installed.validate_password,否则此变量不可用。
In MySQL 8.0, the 在MySQL 8.0中,validate_password plugin was reimplemented as the validate_password component. validate_password插件被重新实现为validate_password组件。The validate_password plugin is deprecated; expect it to be removed in a future version of MySQL. validate_password插件已弃用;预计它将在MySQL的未来版本中被删除。Consequently, its options are also deprecated, and you should expect them to be removed as well. 因此,它的选项也被弃用,您应该期望它们也会被删除。MySQL installations that use the plugin should make the transition to using the component instead. 使用该插件的MySQL安装应该过渡到使用该组件。See Section 6.4.3.3, “Transitioning to the Password Validation Component”.请参阅第6.4.3.3节,“转换到密码验证组件”。
To control activation of the 要控制validate_password plugin, use this option:validate_password插件的激活,请使用此选项:
| Command-Line Format | --validate-password[=value] |
|---|---|
| Type | Enumeration |
| Default Value | ON |
| Valid Values |
|
This option controls how the server loads the deprecated 此选项控一致性务器在启动时如何加载已弃用的validate_password plugin at startup. validate_password插件。The value should be one of those available for plugin-loading options, as described in Section 5.6.1, “Installing and Uninstalling Plugins”. 该值应该是插件加载选项可用的值之一,如第5.6.1节,“安装和卸载插件”所述。For example, 例如,--validate-password=FORCE_PLUS_PERMANENT tells the server to load the plugin at startup and prevents it from being removed while the server is running.--validate-password=FORCE_PLUS_PERMANENT告诉服务器在启动时加载插件,并防止在服务器运行时将其删除。
This option is available only if the 仅当validate_password plugin has been previously registered with INSTALL PLUGIN or is loaded with --plugin-load-add. validate_password插件之前已在INSTALL PLUGIN中注册或已使用--plugin-load-add加载时,此选项才可用。See Section 6.4.3.1, “Password Validation Component Installation and Uninstallation”.请参阅第6.4.3.1节,“密码验证组件的安装和卸载”。
In MySQL 8.0, the 在MySQL 8.0中,validate_password plugin was reimplemented as the validate_password component. validate_password插件被重新实现为validate_password组件。The validate_password plugin is deprecated; expect it to be removed in a future version of MySQL. validate_password插件已弃用;预计它将在MySQL的未来版本中被删除。Consequently, its system variables are also deprecated and you should expect them to be removed as well. 因此,它的系统变量也被弃用,您应该期望它们也被删除。Use the corresponding system variables of the 请改用validate_password component instead; see Password Validation Component System Variables. validate_password组件的相应系统变量;请参阅密码验证组件系统变量。MySQL installations that use the plugin should make the transition to using the component instead. 使用该插件的MySQL安装应该过渡到使用该组件。See Section 6.4.3.3, “Transitioning to the Password Validation Component”.请参阅第6.4.3.3节,“转换到密码验证组件”。
validate_password_check_user_name
| Command-Line Format | --validate-password-check-user-name[={OFF|ON}] |
|---|---|
| System Variable | validate_password_check_user_name |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Boolean |
| Default Value | ON |
This 此validate_password plugin system variable is deprecated; expect it to be removed in a future version of MySQL. validate_password插件系统变量已弃用;预计它将在MySQL的未来版本中被删除。Use the corresponding 请改用validate_password.check_user_name system variable of the validate_password component instead.validate_password组件的相应validate_password.check_user_name系统变量。
validate_password_dictionary_file
| Command-Line Format | --validate-password-dictionary-file=file_name |
|---|---|
| System Variable | validate_password_dictionary_file |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | File name |
This 此validate_password plugin system variable is deprecated; expect it to be removed in a future version of MySQL. validate_password插件系统变量已弃用;预计它将在MySQL的未来版本中被删除。Use the corresponding 请改用validate_password.dictionary_file system variable of the validate_password component instead.validate_password组件的相应validate_password.dictionary_file系统变量。
| Command-Line Format | --validate-password-length=# |
|---|---|
| System Variable | validate_password_length |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Integer |
| Default Value | 8 |
| Minimum Value | 0 |
This 此validate_password plugin system variable is deprecated; expect it to be removed in a future version of MySQL. Use the corresponding validate_password.length system variable of the validate_password component instead.validate_password插件系统变量已弃用;预计它将在MySQL的未来版本中被删除。请改用validate_password组件的相应validate_password.length系统变量。
validate_password_mixed_case_count
| Command-Line Format | --validate-password-mixed-case-count=# |
|---|---|
| System Variable | validate_password_mixed_case_count |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Integer |
| Default Value | 1 |
| Minimum Value | 0 |
This 此validate_password plugin system variable is deprecated; expect it to be removed in a future version of MySQL. Use the corresponding validate_password.mixed_case_count system variable of the validate_password component instead.validate_password插件系统变量已弃用;预计它将在MySQL的未来版本中被删除。请改用validate_password组件的相应validate_password.mixed_case_count系统变量。
validate_password_number_count
| Command-Line Format | --validate-password-number-count=# |
|---|---|
| System Variable | validate_password_number_count |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Integer |
| Default Value | 1 |
| Minimum Value | 0 |
This 此validate_password plugin system variable is deprecated; expect it to be removed in a future version of MySQL. validate_password插件系统变量已弃用;预计它将在MySQL的未来版本中被删除。Use the corresponding 请改用validate_password.number_count system variable of the validate_password component instead.validate_password组件的相应validate_password.number_count系统变量。
| Command-Line Format | --validate-password-policy=value |
|---|---|
| System Variable | validate_password_policy |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Enumeration |
| Default Value | 1 |
| Valid Values |
|
This 此validate_password plugin system variable is deprecated; expect it to be removed in a future version of MySQL. validate_password插件系统变量已弃用;预计它将在MySQL的未来版本中被删除。Use the corresponding 请改用validate_password.policy system variable of the validate_password component instead.validate_password组件的相应validate_password.policy系统变量。
validate_password_special_char_count
| Command-Line Format | --validate-password-special-char-count=# |
|---|---|
| System Variable | validate_password_special_char_count |
| Scope | Global |
| Dynamic | Yes |
SET_VAR Hint Applies | No |
| Type | Integer |
| Default Value | 1 |
| Minimum Value | 0 |
This 此validate_password plugin system variable is deprecated; expect it to be removed in a future version of MySQL. validate_password插件系统变量已弃用;预计它将在MySQL的未来版本中被删除。Use the corresponding 请改用validate_password.special_char_count system variable of the validate_password component instead.validate_password组件的相应validate_password.special_char_count系统变量。
In MySQL 8.0, the 在MySQL 8.0中,validate_password plugin was reimplemented as the validate_password component. validate_password插件被重新实现为validate_password组件。The validate_password plugin is deprecated; expect it to be removed in a future version of MySQL. validate_password插件已弃用;预计它将在MySQL的未来版本中被删除。Consequently, its status variables are also deprecated; expect it to be removed. Use the corresponding status variables of the 因此,其状态变量也被弃用;预计它会被删除。使用validate_password component; see Password Validation Component Status Variables.validate_password组件的相应状态变量;请参阅密码验证组件状态变量。 MySQL installations that use the plugin should make the transition to using the component instead. 使用该插件的MySQL安装应该过渡到使用该组件。See Section 6.4.3.3, “Transitioning to the Password Validation Component”.请参阅第6.4.3.3节,“转换到密码验证组件”。
validate_password_dictionary_file_last_parsed
This 此validate_password plugin status variable is deprecated; expect it to be removed in a future version of MySQL. validate_password插件状态变量已弃用;预计它将在MySQL的未来版本中被删除。Use the corresponding 请改用validate_password.dictionary_file_last_parsed status variable of the validate_password component instead.validate_password组件的相应validate_password.dictionary_file_last_parsed状态变量。
validate_password_dictionary_file_words_count
This 此validate_password plugin status variable is deprecated; expect it to be removed in a future version of MySQL. Use the corresponding validate_password.dictionary_file_words_count status variable of the validate_password component instead.validate_password插件状态变量已弃用;预计它将在MySQL的未来版本中被删除。请改用validate_password组件的相应validate_password.dictionary_file_words_count状态变量。