Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-6554

Password security complience check

        Details

        • Type: Task
        • Status: Closed
        • Priority: Major
        • Resolution: Duplicate
        • Fix Version/s: N/A
        • Component/s: Plugins
        • Labels:
          None

          Description

          Hi All,
          as per enterprise security requirements I just wanted to ask, if it's possible to extend the complexity policies to meet certain password requirements like:
          enforce password expiration period, like configurable parameter of the password policy? After a certain amount of time password expires and got invalidated?

          In addition to, in order to be fully security compliant, previous passwords should be saved in order to enforce user not to repeat previous N passwords. That feature currently can be implemented using triggers, however superuser always has possibility to replace or change trigger, so embedded mechanism would be preferable =)

          Thank you!

            Gliffy Diagrams

              Attachments

                Issue Links

                is duplicated by

                Task - A task that needs to be done. MDEV-7597 Expiration of user passwords

                • Major - Major loss of function.
                • Open

                Task - A task that needs to be done. MDEV-7598 Block user accounts after failed login attempts

                • Major - Major loss of function.
                • Open
                relates to

                Task - A task that needs to be done. MDEV-6431 password validation

                • Major - Major loss of function.
                • Closed

                  Activity

                  Ascending order - Click to sort in descending order
                  Hide
                  Permalink
                  serg Sergei Golubchik added a comment -

                  Password expiration: yes, possible. I've put a tentative version of 10.2, but this can be changed.

                  To save previous passwords — a password validation plugin (MDEV-6431) can easily do that. But it might require support for multiple password validation plugins.

                  Show
                  serg Sergei Golubchik added a comment - Password expiration: yes, possible. I've put a tentative version of 10.2, but this can be changed. To save previous passwords — a password validation plugin ( MDEV-6431 ) can easily do that. But it might require support for multiple password validation plugins.
                  Hide
                  Permalink
                  colin Colin Charles added a comment -

                  As a design note, Adam Scott (adam.c.scott@gmail.com) on the mailing list says:
                  For MDEV-6554 you may want to add the ability to prevent 3 or more repeating characters and not match the account id.

                  Show
                  colin Colin Charles added a comment - As a design note, Adam Scott (adam.c.scott@gmail.com) on the mailing list says: For MDEV-6554 you may want to add the ability to prevent 3 or more repeating characters and not match the account id.
                  Hide
                  Permalink
                  serg Sergei Golubchik added a comment -

                  Split and moved to MDEV-7597 and MDEV-7598

                  Show
                  serg Sergei Golubchik added a comment - Split and moved to MDEV-7597 and MDEV-7598

                    People

                    • Assignee:
                      serg Sergei Golubchik
                      Reporter:
                      trofimal Aleksej Trofimov
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      4 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved: