Outdated Version

You are viewing an older version of this section. View current production version.

Configuring a Password Policy min read


Info

This topic does not apply to MemSQL Helios.

You can configure a password policy, including policies on password expiration, reuse, and complexity, by configuring the following engine variables on all aggregator nodes - see the engine variables overview.

Password expiration

password_expiration_seconds: The time in seconds before a password expires. The default value is 0, which indicates that passwords will never expire.

expire_root_password: Specifies whether the root password can expire. The default value is OFF. When set to OFF, the password_expiration_seconds duration does not apply to the root password. If set to ON, the root password will expire after the password_expiration_seconds duration is reached.

Password reuse

password_history_count: Restricts the reuse of previous user passwords. This variable is the number of previous passwords per user that MemSQL will store and disallow from reuse.

MemSQL will disallow setting a user account’s password to one of the last password_history_count number of passwords for that user. The count includes the current password. For example, if set to 2, setting a user’s password to its current password or the last password before the current password is disallowed. The default value is 0, which indicates that any previous password can be reused. The maximum is 10.

Password complexity requirements

strict_passwords: When set to ON, MemSQL will require that all passwords be at least 6 characters in length, contain at least one letter, and contain at least one number. The default value is OFF. Enabling ​strict-passwords=ON​​ does not affect current users.