I am using RHEL 7, which includes MariaDB 5.5.
I want to set up minimum requirements for passwords: minimum length 15, 1 lowercase, 1 uppercase, 1 symbol, 1 number.
I figure that I am probably not the first person using RHEL 7 to face this problem. Does anyone have some guidance on the best approach to add the above password rules to MariaDB 5.5 under RHEL 7?
I have so far pieced together these facts. (Some I am not so sure are correct.) I believe these facts indicate my best option is to just do whatever 5.5 allows.
- MariaDB 5.5 doesn't do this. There is no plugin.
- MariaDB 5.7 introduced new password features.
- MariaDB 10.1 and later has a password plugin with this functionality.
- Installing an updated MariaDB on RHEL 7 would require making my own RPM and possibly put the system security at risk.
- I could write my own password routines and put them in the database. But this is not recommended, because it is easy to introduce a security flaw.
- I can configure 5.5 to work with Linux's PAM, or use the standard linux-user-name-matches-the-mysql-account-name authentication.
Best Answer
A couple of comments:
unix_socket plugin for authentication. This only works on localhost, i.e. the user has to be logged in on the database server.
/etc/yum.repos.d/ directory. You can use the repo config tool on mariadb.org.
It's up to you to decide whether it's worth the effort to upgrade to MariaDB 10.1+ and thereby be able to use the password checking plugins - simple_password_check and cracklib_password_check. (10.4 is now GA, though at the moment this is still relatively new, so you may want to consider 10.3 or older as a more stable release.)
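The policy from the question mapped onto simple_password_check's system variables. This is an added example, not part of the answer above; it assumes a server already upgraded to MariaDB 10.1 or later, and the account names and passwords are constructed for illustration.

```sql
-- Added example: enforce "min length 15, 1 lowercase, 1 uppercase,
-- 1 symbol, 1 number" with the simple_password_check plugin.
-- Assumes MariaDB 10.1+; the plugin does not exist in 5.5.

-- Load the plugin. The registration is stored in mysql.plugin,
-- so it is loaded again after a restart.
INSTALL SONAME 'simple_password_check';

-- Minimum total length.
SET GLOBAL simple_password_check_minimal_length    = 15;
-- At least this many upper-case AND this many lower-case letters.
SET GLOBAL simple_password_check_letters_same_case = 1;
-- At least this many digits.
SET GLOBAL simple_password_check_digits            = 1;
-- At least this many characters that are neither letters nor digits.
SET GLOBAL simple_password_check_other_characters  = 1;

-- SET GLOBAL does not survive a restart. To make the policy permanent,
-- put the same four settings (without SET GLOBAL) in the [mysqld]
-- section of the server configuration file.

-- Review the active policy.
SHOW GLOBAL VARIABLES LIKE 'simple_password_check%';

-- The plugin can only inspect clear-text passwords. When this variable
-- is ON, statements that supply a pre-computed hash are refused
-- instead of bypassing the check.
SHOW GLOBAL VARIABLES LIKE 'strict_password_validation';

-- Constructed test accounts (hypothetical names and passwords).
-- 8 characters: violates simple_password_check_minimal_length.
CREATE USER 'policy_test_short'@'localhost' IDENTIFIED BY 'short1A!';
-- 20 characters but no digit and no symbol: violates two rules.
CREATE USER 'policy_test_alpha'@'localhost' IDENTIFIED BY 'OnlyLettersInThisOne';
-- Meets all four rules.
CREATE USER 'policy_test_ok'@'localhost' IDENTIFIED BY 'Constructed-Sample-Pass-1';

-- Clean up the one account that was created.
DROP USER 'policy_test_ok'@'localhost';
```

The policy applies only when a password is set or changed, so accounts that already exist keep their current passwords until those are reset.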