MySQL 5.7 on a new Laptop


MySQL 5.7.5-m15 shoud be an easy install on a new laptop but I got bit! My faitful ol’ laptop has been put to pasture and I am busy getting a new laptop loaded with all the items I need for my job. I set up my Ubuntu 14.04 software and started adding all the usual suspects. That means Ubuntu providing MySQL 5.5 but I wanted 5.7. So I added the package to access the MySQL apt-get repository (see A Quick Guide to Using the MySQL APT Repository. It is proper procedure to go 5.5 to 5.6 to get to 5.7 and I went to 5.6. Login as root after the install and all is fine.

I reconfigure apt-get to grab 5.7 and all installs correctly, or so I thought. I can’t login! Dang. Check the log and see Access denied for user 'root'@'localhost' (using password: YES. And I knew the password I was not being fat fingered.

To make a long story short, I added the following two lines to my /etc/mysql/my.cnf file under the [mysqld] section and was able to login.
plugin-load=validate_password.so
validate_password_policy = LOW

MySQl 5.7 has a slew of new secutiry features and I guessed that my old password did not fit a new default policy. But looking at the installed plugins showed validate_password was not loaded. I also use rather simple passwords on instances that I expierment on and can get by with less than optimal passwords so I set the policy to low.

Below are the relvant variables.
mysql> show variables like 'validate%';
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | LOW |
| validate_password_special_char_count | 1 |
+--------------------------------------+-------+
6 rows in set (0.00 sec)

mysql> show variables like '%password%';
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| default_password_lifetime | 360 |
| disconnect_on_expired_password | ON |
| old_passwords | 0 |
| report_password | |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | LOW |
| validate_password_special_char_count | 1 |
+--------------------------------------+-------+
10 rows in set (0.00 sec)

So now I have my new laptop running MySQl 5.7.5 and there are only fifty dozen otehr packages to add.

2 Responses to MySQL 5.7 on a new Laptop

  1. As far as I know the password validation plugin checks the arguments specified to the PASSWORD() function. This function is not used in the authentication phase.

    Also a scramble based authentication is used by default. This is much more secure that the cleartext authentication client plugin which is required for PAM authentication (so use SSL if you use cleartext!). This means that the server normally doesn’t get to see the password during the authentication so it can’t verify if it meets certain criteria. It validates against the stored password hash.

    So I guess the real problem might have been something else.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s