Authentication for MariaDB Enterprise Server
Overview
MariaDB Enterprise Server authentication is performed by database user accounts. Database user accounts are specified by user name, the hostname from which the account is connecting, and the authentication plugins configured for the account, such as mysql_native_password, pam, or unix_socket.
Change Password
The password for a database user account can be changed using the ALTER TABLE, ALTER USER, and SET PASSWORD statements.
With ALTER USER: ALTER USER 'USER'@'192.0.2.%' IDENTIFIED BY 'PASSWD';
With SET PASSWORD:
SET PASSWORD FOR 'USER'@'192.0.2.%'
= PASSWORD('PASSWD');
Password Validation Plugins
If your MariaDB Enterprise Server node has a password validation plugin installed, then the password should also meet the configured requirements. When you try to set or change a user's password and the password validation plugin rejects the password, the following error message will be shown:
ERROR HY000: Your password does not satisfy the current policy requirements.
By default, the MariaDB Enterprise Server installs the simple_password_check plugin, but the cracklib_password_check plugin is also available.
For simple_password_check, the password requirements are configured by several system variables:
- simple_password_check_digits
- imple_password_check_letters_same_case
- simple_password_check_minimal_length
- simple_password_check_other_characters
Authentication Plugins
MariaDB Enterprise Server uses authentication plugins to support different authentication methods. The default authentication plugin is mysql_native_password.
