ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
為了加強安全性,MySQL5.7為root使用者隨機生成了一個密碼,在error log中,關於error log的位置,如果安裝的是RPM包,則預設是/var/log/mysqld.log。
一般可通過log_error設定
mysql> select @@log_error; +---------------------+ | @@log_error | +---------------------+ | /var/log/mysqld.log | +---------------------+ 1 row in set (0.00 sec)
可通過# grep "password" /var/log/mysqld.log 命令獲取MySQL的臨時密碼
2016-01-19T05:16:36.218234Z 1 [Note] A temporary password is generated for root@localhost: waQ,qR%be2(5
用該密碼登入到服務端後,必須馬上修改密碼,不然會報如下錯誤:
mysql> select user(); ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
如果只是修改為一個簡單的密碼,會報以下錯誤:
mysql>ALTER USER USER() IDENTIFIED BY '12345678'; ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
這個其實與validate_password_policy的值有關。
validate_password_policy有以下取值:
| Policy | Tests Performed |
|---|---|
0 or LOW |
Length |
1 or MEDIUM |
Length; numeric, lowercase/uppercase, and special characters |
2 or STRONG |
Length; numeric, lowercase/uppercase, and special characters; dictionary file |
預設是1,即MEDIUM,所以剛開始設定的密碼必須符合長度,且必須含有數字,小寫或大寫字母,特殊字元。
有時候,只是為了自己測試,不想密碼設定得那麼複雜,譬如說,我只想設定root的密碼為123456。
必須修改兩個全域性引數:
首先,修改validate_password_policy引數的值
mysql> set global validate_password_policy=0; Query OK, 0 rows affected (0.00 sec)
這樣,判斷密碼的標準就基於密碼的長度了。這個由validate_password_length引數來決定。
mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 8 | +----------------------------+ 1 row in set (0.00 sec)
validate_password_length引數預設為8,它有最小值的限制,最小值為:
validate_password_number_count + validate_password_special_char_count + (2 * validate_password_mixed_case_count)
其中,validate_password_number_count指定了密碼中資料的長度,validate_password_special_char_count指定了密碼中特殊字元的長度,validate_password_mixed_case_count指定了密碼中大小字母的長度。
這些引數,預設值均為1,所以validate_password_length最小值為4,如果你顯性指定validate_password_length的值小於4,儘管不會報錯,但validate_password_length的值將設為4。如下所示:
mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 8 | +----------------------------+ 1 row in set (0.00 sec) mysql> set global validate_password_length=1; Query OK, 0 rows affected (0.00 sec) mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 4 | +----------------------------+ 1 row in set (0.00 sec)
如果修改了validate_password_number_count,validate_password_special_char_count,validate_password_mixed_case_count中任何一個值,則validate_password_length將進行動態修改。
mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 4 | +----------------------------+ 1 row in set (0.00 sec) mysql> select @@validate_password_mixed_case_count; +--------------------------------------+ | @@validate_password_mixed_case_count | +--------------------------------------+ | 1 | +--------------------------------------+ 1 row in set (0.00 sec) mysql> set global validate_password_mixed_case_count=2; Query OK, 0 rows affected (0.00 sec) mysql> select @@validate_password_mixed_case_count; +--------------------------------------+ | @@validate_password_mixed_case_count | +--------------------------------------+ | 2 | +--------------------------------------+ 1 row in set (0.00 sec) mysql> select @@validate_password_length; +----------------------------+ | @@validate_password_length | +----------------------------+ | 6 | +----------------------------+ 1 row in set (0.00 sec)
當然,前提是validate_password外掛必須已經安裝,MySQL5.7是預設安裝的。
那麼如何驗證validate_password外掛是否安裝呢?可通過檢視以下引數,如果沒有安裝,則輸出將為空。
mysql> SHOW VARIABLES LIKE 'validate_password%'; +--------------------------------------+-------+ | Variable_name | Value | +--------------------------------------+-------+ | validate_password_dictionary_file | | | validate_password_length | 6 | | validate_password_mixed_case_count | 2 | | validate_password_number_count | 1 | | validate_password_policy | LOW | | validate_password_special_char_count | 1 | +--------------------------------------+-------+ 6 rows in set (0.00 sec)