[#MDEV-9072] MariaDB Community Edition needs password complexity, expiration, and reuse

[MDEV-9072] MariaDB Community Edition needs password complexity, expiration, and reuse Created: 2015-11-02 Updated: 2015-12-07 Resolved: 2015-11-04
Status:	Closed
Project:	MariaDB Server
Component/s:	Authentication and Privilege System
Fix Version/s:	N/A

Type:

Task

Priority:

Major

Reporter:

Andy Ferretti

Assignee:

Unassigned

Resolution:

Duplicate

Votes:

Labels:

None

Issue Links:

Duplicate
duplicates	~~MDEV-9244~~	Add password auto expiration option a...	Closed
is duplicated by	~~MDEV-6431~~	password validation	Closed
is duplicated by	~~MDEV-7597~~	Expiration of user passwords	Closed
is duplicated by	~~MDEV-9245~~	password "reuse prevention" validatio...	Closed

Description

In order to comply with common industry security standards, MariaDB needs the following:
1. Password complexity. Require at least 8 characters with 3 of 4 categories (lower case, upper case, numbers, special characters).
2. Password Expiration: Able to set a password expiration for user account.
3. Password Reuse: Prevent reuse of password based on number of days.

Comments

Comment by Sergei Golubchik [ 2015-11-02 ]

"Password complexity" task is delegated in MariaDB 10.1 to password validation plugins. In particular, the rule like "at least 8 characters with 3 of 4 categories" can be done with the simple_password_check plugin.
"Password expiration" checks are not supported in MariaDB 10.1. They can be implemented in 10.2 though. See ~~MDEV-7597~~.
"Password reuse" prevention can be easily implemented as a password validation plugin in MariaDB 10.1. But we don't ship a ready-to-use plugin for it yet.

Comment by Sergei Golubchik [ 2015-11-04 ]

This issue is, in fact, three different issues, where the first one — ~~MDEV-6431~~ — is already completed, the second — ~~MDEV-7597~~ — will probably be in 10.2, and the third is basically covered by ~~MDEV-6431~~, but we don't have a ready-to-use plugin for it.

Thus I'm closing this issue as a duplicate of ~~MDEV-6431~~ and ~~MDEV-7597~~. Shall I create a new issue for a password reuse prevention plugin?

Comment by Sergei Golubchik [ 2015-12-07 ]

Created ~~MDEV-9245~~ — password "reuse prevention" validation plugin

Generated at Thu Feb 08 07:31:55 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-9072] MariaDB Community Edition needs password complexity, expiration, and reuse Created: 2015-11-02 Updated: 2015-12-07 Resolved: 2015-11-04