MySQL8.0.16账户双密码实验一例
从MySQL 8.0.14开始,允许用户帐户拥有双密码,指定为主密码和辅助密码。
双密码功能可以在以下场景中无缝地执行凭证更改:
系统有大量MySQL服务器,可能涉及主从复制
多个应用程序连接到不同的MySQL服务器
必须对应用程序用于连接服务器的帐户进行定期密码更改
实验如下:
mysql版本:
mysql>select version();
+-----------+
| version() |
+-----------+
| 8.0.16 |
+-----------+
1 row in set (0.00 sec)
mysql>create user root@'%' identified by '123456';
Query OK, 0 rows affected (0.25 sec)
mysql>grant all privileges on *.* to root@'%';
Query OK, 0 rows affected (0.10 sec)
mysql>alter user root@'%' identified by 'root' RETAIN CURRENT PASSWORD;
Query OK, 0 rows affected (0.28 sec)
开另外一个session:
两个密码都可以登录:
# mysql -uroot -p123456 -h 192.168.140.52
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 21
Server version: 8.0.16 MySQL Community Server - GPL
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>\q
Bye
[root@test2 ~]# mysql -uroot -proot -h 192.168.140.52
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 8.0.16 MySQL Community Server - GPL
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>\q
Bye
丢弃旧密码:
mysql>alter user root@'%' DISCARD OLD PASSWORD;
Query OK, 0 rows affected (0.12 sec)
开另外一个会话,用旧密码登录报错:
# mysql -uroot -p123456 -h 192.168.140.52
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'192.168.140.52' (using password: YES)
新密码可以登录:
# mysql -uroot -p123456 -h 192.168.140.52
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'192.168.140.52' (using password: YES)
[root@test2 ~]#
[root@test2 ~]#
[root@test2 ~]# mysql -uroot -proot -h 192.168.140.52
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 27
Server version: 8.0.16 MySQL Community Server - GPL
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>\q
Bye
备注:
RETAIN CURRENT PASSWORD保留帐户当前密码作为其辅助密码,替换任何现有的二级密码。新密码将成为主密码,
但客户端可以使用该帐户使用主密码或辅助密码连接到服务器。
对于ALTER USER, DISCARD OLD PASSWORD丢弃二级密码(如果存在)。该帐户仅保留其主密码,客户端可以使用
该帐户仅使用主密码连接到服务器。