How Do I Configure a Password Expiration Policy for My RDS for MySQL Instance?
In MySQL 5.6, you can run ALTER USER *** PASSWORD EXPIRE to set the password expiration policy.
In MySQL 5.7 and 8.0, you can set the global variable default_password_lifetime to control the default validity period of a user password.
The value of default_password_lifetime indicates how many days until a password expires. The default value is 0, indicating that the created user password will never expire.
Changing the Global Automatic Password Expiration Policy
Change the value of the default_password_lifetime parameter on the RDS console.
Checking the Password Expiration Date of All Users
Run the following command:
mysql> select user,host,password_expired,password_last_changed,password_lifetime from mysql.user;
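The columns returned above are raw values: password_lifetime is NULL when the account follows default_password_lifetime, and password_expired becomes Y only after a manual PASSWORD EXPIRE. The following query is an added example, not part of the original documentation, that derives each account's effective expiration date for MySQL 5.7 and 8.0. It assumes the connected account can read mysql.user, and the 14-day warning window is an arbitrary choice.

```sql
-- Added example: effective password expiry per account (MySQL 5.7 / 8.0).
-- password_lifetime semantics in mysql.user:
--   NULL = follow the global default_password_lifetime
--   0    = never expires
--   N    = expires N days after password_last_changed
SELECT
    e.user,
    e.host,
    e.password_last_changed,
    e.lifetime_days,
    e.expires_at,
    CASE
        WHEN e.password_expired = 'Y'              THEN 'EXPIRED (manual)'
        WHEN e.lifetime_days = 0                   THEN 'NEVER EXPIRES'
        WHEN e.password_last_changed IS NULL       THEN 'UNKNOWN (no change time)'
        WHEN e.expires_at < NOW()                  THEN 'EXPIRED (lifetime)'
        WHEN e.expires_at < NOW() + INTERVAL 14 DAY THEN 'EXPIRES SOON'  -- assumed window
        ELSE 'OK'
    END AS status
FROM (
    SELECT
        t.user,
        t.host,
        t.password_expired,
        t.password_last_changed,
        t.lifetime_days,
        -- No expiry date when the effective lifetime is 0 (never expires).
        IF(t.lifetime_days = 0,
           NULL,
           t.password_last_changed + INTERVAL t.lifetime_days DAY) AS expires_at
    FROM (
        SELECT
            user,
            host,
            password_expired,
            password_last_changed,
            -- Per-account setting wins; NULL falls back to the global policy.
            COALESCE(password_lifetime,
                     @@GLOBAL.default_password_lifetime) AS lifetime_days
        FROM mysql.user
    ) AS t
) AS e
ORDER BY e.expires_at IS NULL, e.expires_at;
```

Accounts reported as NEVER EXPIRES while the global policy is non-zero are the ones that were exempted with PASSWORD EXPIRE NEVER.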
Checking the Password Expiration Policy of a Specified User
Run the following command:
mysql> show create user jeffrey@'localhost';
EXPIRE DEFAULT indicates that the password follows the global expiration policy.
Configuring the Password Expiration Policy for a Specified User
- Configuring the password expiration policy during user creation
CREATE USER 'script'@'localhost' IDENTIFIED BY '*********' PASSWORD EXPIRE INTERVAL 90 DAY;
- Configuring the password expiration policy after user creation
ALTER USER 'script'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;
- Setting the password to be permanently valid
CREATE USER 'mike'@'%' PASSWORD EXPIRE NEVER;
ALTER USER 'mike'@'%' PASSWORD EXPIRE NEVER;
- Setting the password to follow the global expiration policy
CREATE USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;
ALTER USER 'mike'@'%' PASSWORD EXPIRE DEFAULT;