Configuring a password policy is an Enterprise Only feature.
You can configure a password policy, including policies on password expiration, reuse, and complexity, by configuring the following system variables on all aggregator nodes - see How to Update System Variables.
Password expiration
password_expiration_seconds
: The time in seconds before a password expires. The default value is 0
, which indicates that passwords will never expire.
expire_root_password
: Specifies whether the root password can expire. The default value is OFF
. When set to OFF
, the password_expiration_seconds
duration does not apply to the root password. If set to ON
, the root password will expire after the password_expiration_seconds
duration is reached.
Password reuse
password_history_count
: Restricts the reuse of previous user passwords. This variable is the number of previous passwords per user that MemSQL will store and disallow from reuse.
MemSQL will disallow setting a user account’s password to one of the last password_history_count
number of passwords for that user. The count includes the current password. For example, if set to 2
, setting a user’s password to its current password or the last password before the current password is disallowed. The default value is 0
, which indicates that any previous password can be reused. The maximum is 10
.
Password complexity requirements
strict-passwords
: When set to ON
, MemSQL will require that all passwords be at least 6 characters in length, contain at least one letter, and contain at least one number. The default value is OFF
.