Warning
SingleStore 9.0 gives you the opportunity to preview, evaluate, and provide feedback on new and upcoming features prior to their general availability. In the interim, SingleStore 8.9 is recommended for production workloads, which can later be upgraded to SingleStore 9.0.
Configuring a Password Policy
You can configure a robust password policy, including rules for password expiration, reuse, and complexity, by configuring the following engine variables.
When configuring the settings described below, you can use the sdb-admin tool (sdb-admin update-config) so that configuration changes are written to the .
For example, to set passwords to expire after two weeks:
sdb-admin update-config --all --set-global --key "password_expiration_seconds" --value "1209600"
Password Expiration
password_expiration_seconds: The time in seconds before a password expires. A value of 0 indicates that passwords never expire.
expire_: Specifies whether the root password can expire. When OFF, the password_expiration_seconds duration does not apply to the root password. When ON, the root password expires after the password_expiration_seconds duration is reached.
Note
A password expiration warning is raised to the user on every query, starting 14 days before the password expires.
Password Reuse
password_: Restricts the reuse of previous user passwords.
SingleStore does not allow setting a user account's password to one of the last password_ number of passwords for that user. With a value of 2, setting a user's password to its current password or the last password before the current password is disallowed. A value of 0 indicates that any previous password can be reused. 10.
Password Complexity
The following variables control password complexity requirements. A value of 0 disables a requirement, and the accepted values are integers ranging from 0 to 100.
password_min_length: The minimum number of characters required.
password_min_uppercase_chars: The minimum number of uppercase characters required.
password_min_lowercase_chars: The minimum number of lowercase characters required.
password_min_numeric_chars: The minimum number of numeric digit characters required.
password_min_special_chars: The minimum number of special (non-alphanumeric) characters required.
password_: The maximum number of consecutive characters allowed. Sequences longer than this limit (such as 1234 or abcd) are disallowed.
password_: The maximum number of consecutive repeated characters allowed. Repeated runs longer than this limit (such as aaaa or 1111) are disallowed.
When a user enters a new password, if the password does not meet the password complexity policy, the following error message is returned:
Error: password does not meet the requirements specified for <variable> in your password complexity policy.
Example Password Complexity Usage
The following stored procedure (you can also use individual SET statements in the command line) creates a password complexity policy where passwords must:
- be at least 12 characters long
- include at least one uppercase character
- include at least one lowercase character
- include at least one numeric character
- include at least one special character
CREATE DATABASE db_security;
USE db_security;
DELIMITER //
CREATE OR REPLACE PROCEDURE set_password_complexity_policy() AS
BEGIN
  -- Each SET GLOBAL below corresponds to one requirement in the list above
  SET GLOBAL password_min_length=12;
  SET GLOBAL password_min_uppercase_chars=1;
  SET GLOBAL password_min_lowercase_chars=1;
  SET GLOBAL password_min_numeric_chars=1;
  SET GLOBAL password_min_special_chars=1;
END //
DELIMITER ;
-- Apply the policy
CALL set_password_complexity_policy();
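The policy set by the stored procedure above, as an added client-side pre-check in Python (not SingleStore code and not the engine's own validation): it reports which policy settings a candidate password would fail before the password is sent to the database. Assumptions: max_sequential_run and max_repeated_run are hypothetical local names for the two consecutive-character limits, only ascending sequences are counted, and character classes follow Python's str methods.

```python
# Added example: client-side approximation of the policy, not SingleStore's validator.
# Keys starting with "password_" are the engine variables set in the procedure above;
# the two "max_*" keys are hypothetical local names for the consecutive-character limits.
POLICY = {
    "password_min_length": 12,
    "password_min_uppercase_chars": 1,
    "password_min_lowercase_chars": 1,
    "password_min_numeric_chars": 1,
    "password_min_special_chars": 1,
    "max_sequential_run": 3,  # assumed limit: "1234" / "abcd" rejected
    "max_repeated_run": 3,    # assumed limit: "aaaa" / "1111" rejected
}


def longest_run(pw, step):
    """Longest run in which each character's code point is the previous one + step."""
    best = cur = 1 if pw else 0
    for prev, nxt in zip(pw, pw[1:]):
        cur = cur + 1 if ord(nxt) - ord(prev) == step else 1
        best = max(best, cur)
    return best


def violations(pw, policy=POLICY):
    """Return the policy keys a candidate password fails; 0 or a missing key = disabled."""
    counts = {
        "password_min_length": len(pw),
        "password_min_uppercase_chars": sum(c.isupper() for c in pw),
        "password_min_lowercase_chars": sum(c.islower() for c in pw),
        "password_min_numeric_chars": sum(c.isdigit() for c in pw),
        # "special" follows the page's definition: non-alphanumeric
        "password_min_special_chars": sum(not c.isalnum() for c in pw),
    }
    failed = [key for key, have in counts.items() if have < policy.get(key, 0)]
    # step 1 = ascending sequence (1234, abcd); step 0 = repeated character (aaaa)
    for key, step in (("max_sequential_run", 1), ("max_repeated_run", 0)):
        limit = policy.get(key, 0)
        if limit and longest_run(pw, step) > limit:
            failed.append(key)
    return failed


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only
    for candidate in ("abcd1234", "Aaaaa-Valid-Pass9", "Tr1cky-Horse-Battery"):
        print(candidate, "->", violations(candidate) or "ok")
```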
Password Complexity and Existing Passwords
When changes are made to the password complexity policy, existing passwords are not checked.
Password Complexity in Previous Versions
For versions 7.
strict_passwords: When set to ON, SingleStore requires that all passwords be at least 6 characters in length, contain at least one letter, and contain at least one number. The default is OFF. Setting strict-passwords=ON does not affect current users.
Warning
strict_passwords is deprecated as of version 7.
If strict_passwords and any of the password complexity variables described in this topic are both enabled, then both sets of rules are enforced.
strict_passwords set to OFF (the default).
Last modified: February 18, 2025