使用ALTER USER 語句鎖定 mysql>ALTER USER 'demo'@'localhost' ACCOUNT LOCK; Query OK, 0 rows affected (0.00 sec) 使用被鎖賬號登錄會報ERROR 3118錯誤: $ mysql -udemo -p Enter password: ERROR 3118 (HY000): Access denied for user 'demo'@'localhost'. Account is locked. 解鎖賬號 mysql>ALTER USER 'demo'@'localhost' ACCOUNT UNLOCK; Query OK, 0 rows affected (0.00 sec)
查看用戶是否鎖定
select user,host,account_locked from mysql.user;
轉自
MySQL 5.7賬號鎖定Account Lock https://majing.io/posts/10000004771184
5.7加入了LOCK ACCOUNT功能和ORACLE一樣了,
但是5.6貌似沒有,但是可以代替用如下方法設置密碼過期。
The mysql.usertable now has a password_expiredcolumn. Its default value is 'N', but can be set to 'Y'with the new ALTER USER statement. After an account's password has been expired, all operations performed in subsequent connections to the server using the account result in an error until the user issues a SET PASSWORDstatement to establish a new account password. For more information, see Section 13.7.1.1, “ALTER USERSyntax”, and Section 6.3.6, “Password Expiration and Sandbox Mode”.
就是下面這個語法 mysql> alter user mytest1@'%' password expire; 如果要恢復 set password for mytest1@'%' = '*******';
注意:只要重置一下過期用戶的密碼就行(注意不能使用 update mysql.user方法來重置密碼)
其實就是MYSQL.USER下面的字段 password_expired 標示了是否過期。
mysql> select user,host,password,password_expired from mysql.user where user = 'root'; +------+---------------------+-------------------------------------------+------------------+ | user | host | password | password_expired | +------+---------------------+-------------------------------------------+------------------+ | root | localhost | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | N | | root | all-middle-mysql-10 | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | Y | | root | 127.0.0.1 | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | Y | | root | ::1 | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | Y | +------+---------------------+-------------------------------------------+------------------+ 4 rows in set (0.00 sec)