【MySQL 8.0】账户管理
原创
©著作权归作者所有:来自51CTO博客作者dbprofessional的原创作品,请联系作者获取转载授权,否则将追究法律责任
创建账号
(root@node01) > create user 'tpcc'@'localhost' identified by 'tpcc01';
Query OK, 0 rows affected (0.07 sec)
删除账号
(root@node01) > drop user 'tpcc'@'localhost';
Query OK, 0 rows affected (0.05 sec)
修改密码
(root@node01) > alter user 'tpcc'@'localhost' identified by 'tpcc02';
Query OK, 0 rows affected (0.02 sec)
(root@node01) > set password for 'tpcc'@'localhost'='tpcc01';
Query OK, 0 rows affected (0.06 sec)
修改当前用户密码
(tpcc@localhost) > select current_user();
+----------------+
| current_user() |
+----------------+
| tpcc@localhost |
+----------------+
1 row in set (0.00 sec)
(tpcc@localhost) > alter user user() identified by 'tpcc02';
Query OK, 0 rows affected (0.03 sec)
(tpcc@localhost) > set password='tpcc01';
Query OK, 0 rows affected (0.06 sec)
随生成机密码
(root@node01) > create user 'tpcc'@'localhost' identified by random password;
+------+-----------+----------------------+-------------+
| user | host | generated password | auth_factor |
+------+-----------+----------------------+-------------+
| tpcc | localhost | 30OnF%yfceZi@H0;Uvdg | 1 |
+------+-----------+----------------------+-------------+
1 row in set (0.08 sec)
(root@node01) > alter user 'tpcc'@'localhost' identified by random password;
+------+-----------+----------------------+-------------+
| user | host | generated password | auth_factor |
+------+-----------+----------------------+-------------+
| tpcc | localhost | &[!nqUw%_zq.!KuzU/P% | 1 |
+------+-----------+----------------------+-------------+
1 row in set (0.03 sec)
(root@node01) > set password for 'tpcc'@'localhost' to random;
+------+-----------+----------------------+-------------+
| user | host | generated password | auth_factor |
+------+-----------+----------------------+-------------+
| tpcc | localhost | c0Zsp>hjLQxINEvp{rFJ | 1 |
+------+-----------+----------------------+-------------+
1 row in set (0.04 sec)
全局参数
(root@node01) > show global variables like 'generated_random_password_length'; --随机密码长度默认为20
+----------------------------------+-------+
| Variable_name | Value |
+----------------------------------+-------+
| generated_random_password_length | 20 |
+----------------------------------+-------+
1 row in set (0.01 sec)
锁定账号
(root@node01) > alter user 'tpcc'@'localhost' account lock;
Query OK, 0 rows affected (0.05 sec)
[mysql@node01 ~]$ mysql -utpcc -ptpcc
ERROR 3118 (HY000): Access denied for user 'tpcc'@'localhost'. Account is locked.
解锁账号
(root@node01) > alter user 'tpcc'@'localhost' account unlock;
Query OK, 0 rows affected (0.01 sec)
[mysql@node01 ~]$ mysql -utpcc -ptpcc
(tpcc@localhost) >
密码过期
(root@node01) > alter user 'tpcc'@'localhost' password expire interval 7 day; --密码过期时间
(root@node01) > alter user 'tpcc'@'localhost' password expire; --强制密码过期
[mysql@node01 ~]$ mysql -utpcc -ptpcc
(tpcc@localhost) > use tpcc10
No connection. Trying to reconnect...
Connection id: 26
Current database: *** NONE ***
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
修改密码
(tpcc@localhost) > set password='tpcc02';
Query OK, 0 rows affected (0.02 sec)
(tpcc@localhost) > use tpcc10
Database changed
全局参数
(root@node01) > show global variables like 'default_password_lifetime'; 默认为0,表示永远不过期
+---------------------------+-------+
| Variable_name | Value |
+---------------------------+-------+
| default_password_lifetime | 0 |
+---------------------------+-------+
1 row in set (0.01 sec)
修改当前用户密码时需指定之前的密码
(root@node01) > create user 'tpcc'@'localhost' identified by 'tpcc01' password require current;
Query OK, 0 rows affected (0.07 sec)
(tpcc@localhost) > alter user 'tpcc'@'localhost' identified by 'tpcc02';
ERROR 3892 (HY000): Current password needs to be specified in the REPLACE clause in order to change it.
(tpcc@localhost) > alter user 'tpcc'@'localhost' identified by 'tpcc02' replace 'tpcc01';
Query OK, 0 rows affected (0.03 sec)
(root@node01) > alter user 'tpcc'@'localhost' password require current optional; --无需指定之前的密码
全局参数
(root@node01) > show global variables like 'password_require_current';
+--------------------------+-------+
| Variable_name | Value |
+--------------------------+-------+
| password_require_current | OFF |
+--------------------------+-------+
1 row in set (0.01 sec)
多次登录失败锁定账号,failed_login_attempts是连续失败次数,password_lock_time是锁定时间,单位是天
(mysql@node01) > create user 'tpcc'@'localhost' identified by 'tpcc' failed_login_attempts 3 password_lock_time 3;
Query OK, 0 rows affected (0.03 sec)
[mysql@node01 ~]$ mysql -utpcc -p
Enter password:
ERROR 1045 (28000): Access denied for user 'tpcc'@'localhost' (using password: YES)
[mysql@node01 ~]$ mysql -utpcc -p
Enter password:
ERROR 1045 (28000): Access denied for user 'tpcc'@'localhost' (using password: YES)
[mysql@node01 ~]$ mysql -utpcc -p
Enter password:
ERROR 3955 (HY000): Access denied for user 'tpcc'@'localhost'. Account is blocked for 3 day(s) (3 day(s) remaining) due to 3 consecutive failed logins.
解锁账号
(mysql@node01) > alter user 'tpcc'@'localhost' account unlock;
Query OK, 0 rows affected (0.05 sec)
一个账号可同时设置两个密码
(mysql@node01) > create user 'tpcc'@'localhost' identified by 'tpcc01'
(mysql@node01) > alter user 'tpcc'@'localhost' identified by 'tpcc02' retain current password;
Query OK, 0 rows affected (0.03 sec)
[mysql@node01 ~]$ mysql -utpcc -ptpcc01
(tpcc@localhost) > select current_user();
+----------------+
| current_user() |
+----------------+
| tpcc@localhost |
+----------------+
1 row in set (0.00 sec)
[mysql@node01 ~]$ mysql -utpcc -ptpcc02
+----------------+
| current_user() |
+----------------+
| tpcc@localhost |
+----------------+
1 row in set (0.00 sec)
(mysql@node01) > alter user 'tpcc'@'localhost' discard old password;
Query OK, 0 rows affected (0.05 sec)
[mysql@node01 ~]$ mysql -utpcc -ptpcc01
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'tpcc'@'localhost' (using password: YES)
无密码登录
[mysql@node01 ~]$ mysql_config_editor set --user=root --password --host=node01 --port=3306
Enter password:
[mysql@node01 ~]$ mysql_config_editor set --login-path=tpcc --user=tpcc --password --host=node01 --port=3306
Enter password:
[mysql@node01 ~]$ mysql_config_editor print --all
[client]
user = "root"
password = *****
host = "node01"
port = 3306
[tpcc]
user = "tpcc"
password = *****
host = "node01"
port = 3306
[mysql@node01 ~]$ mysql
(root@node01) > select user();
+-------------+
| user() |
+-------------+
| root@node01 |
+-------------+
1 row in set (0.00 sec)
[mysql@node01 ~]$ mysql --login-path=tpcc
(tpcc@node01) > select user();
+-------------+
| user() |
+-------------+
| tpcc@node01 |
+-------------+
1 row in set (0.00 sec)