Inadequate Password Settings for MySQL Database
We observed that the `validate_password%` settings on
hostname `<insert hostname>` are empty. This indicates that the
**validate_password component** is either **not installed, not enabled, or not
properly configured**. As a result, the required **password complexity and
password history settings** are not enforced.
- [Fix MySQL Error 1819: Password Policy Requirements](https://ostechnix.com/fix-mysql-error-1819-hy000-your-password-does-not-satisfy-the-current-policy-requirements/)
- [Percona Blog on MySQL Password Security](https://www.percona.com/blog/improving-mysql-password-security-with-validation-plugin/)
### **Action Plan for Password Policy Implementation**
- **Servers:** `SLAVE1, SLAVE2, and .MASTER`
```
# Password policy amended
password_history=5
password_reuse_interval=365
validate_password.length=14
validate_password.policy=STRONG
```

```
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.04 sec)
Query OK, 0 rows affected (0.00 sec)
```
4. **Restart MySQL services** sequentially:
   - **Restart Sequence**:
     1. **Slave 1 (`SLAVE2`)**
     2. **Slave 2 (`SLAVE1`)**
     3. **Master (`.MASTER`)**
```
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 14     |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | STRONG |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
```
```
+--------------+--------------------+------------------------------------+
| component_id | component_group_id | component_urn                      |
+--------------+--------------------+------------------------------------+
|            1 |                  1 | file://component_validate_password |
+--------------+--------------------+------------------------------------+
1 row in set (0.00 sec)
```
3. **Verify replication status and policy enforcement**:
```
mysql> SHOW REPLICA STATUS\G
mysql> SHOW GLOBAL VARIABLES LIKE 'validate_password%';
```
---
Worked on slave SLAVE2 first, then on slave SLAVE1, and on the master last.

| Task | Date | Status | Remarks | SLAVE1 slave (20 mins) | SLAVE2 slave (time taken: 15 mins) | MASTERDB slave |
|---|---|---|---|---|---|---|
| Take backup of my.ini before task (SLAVE1, SLAVE2 and MASTERDB) | | | done | done | done | |
| Add the entries to my.ini (SLAVE1, SLAVE2, then MASTERDB) | | | | done | done | done |
| Run at the MySQL command prompt on the slaves first and then on the master | | | | done | done | done |
| Restart MySQL | | | | done | done | done |
| | | | | done | done | done |
| Test one new user with a low-complexity password and see whether it is accepted | | | | NA | NA | done |
| `SHOW REPLICA STATUS` | | | | GREEN | GREEN | NA |

Even without a dictionary file, password validation can
still work effectively in MySQL.
The `validate_password.dictionary_file` option is used to
specify a file containing a list of common passwords. MySQL will check new
passwords against this dictionary and reject any that match. While using a
dictionary file can provide an extra layer of protection, it's not strictly
necessary for password validation to function.
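
The checks described above as one MySQL session, including the low-complexity password test from the task table. This is an added example, not the original runbook's commands: the `policy_test` account and both passwords are constructed, and `SET GLOBAL` is assumed for the running values alongside the my.ini entries shown earlier.

```sql
-- Added example; the account name and passwords are constructed test values.

-- 1. Is the component registered? An empty result means validate_password
--    is not installed, which is why the validate_password% variables were empty.
SELECT component_urn
  FROM mysql.component
 WHERE component_urn = 'file://component_validate_password';

-- 2. Install it only if step 1 returned no row (installing twice is an error),
--    then apply the values from the page to the running server. The my.ini
--    entries keep the same values in place after the restart.
INSTALL COMPONENT 'file://component_validate_password';
SET GLOBAL validate_password.length = 14;
SET GLOBAL validate_password.policy = 'STRONG';
SET GLOBAL password_history = 5;
SET GLOBAL password_reuse_interval = 365;

-- 3. Read back both groups of settings. password_history and
--    password_reuse_interval are server variables, so they do not match
--    the validate_password% pattern and need their own query.
SHOW GLOBAL VARIABLES LIKE 'validate_password%';
SHOW GLOBAL VARIABLES
 WHERE Variable_name IN ('password_history', 'password_reuse_interval');

-- 4. Negative test: a short, low-complexity password must be refused.
--    Expected: ERROR 1819 (HY000): Your password does not satisfy the
--    current policy requirements
CREATE USER 'policy_test'@'localhost' IDENTIFIED BY 'abc123';

-- 5. Positive test: 14+ characters with upper case, lower case, a digit
--    and a special character is accepted under STRONG.
CREATE USER 'policy_test'@'localhost' IDENTIFIED BY 'Tr4verse-Quartz!92';

-- 6. History test: setting the same password again must be refused.
--    Expected: ERROR 3638 (HY000), password history policy violation.
ALTER USER 'policy_test'@'localhost' IDENTIFIED BY 'Tr4verse-Quartz!92';

-- 7. Remove the test account.
DROP USER 'policy_test'@'localhost';
```

Run steps 4 to 7 on the master only, as in the task table, so the test account is not created directly on a replica.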