Hi Tompkins,
Check the below URL, looks like useful for your project.
20) set_password('username','hostname','oldpassword','newpassword');
(version 0.1.1) (version 0.1.4 added oldpassword) -- Changes password for
any user (if current user is root), otherwise changes own password if
current user is not root. can change the password up to 11times in 1 day and
stores the last 5 passwords which were not changed for at least 24hrs. Does
not permit the new password to be the same as any of the old passwords.
Resets update count if more than 24hrs passed from last first update of the
day. Password must be longer than '10 characters (configurable amount
through sec_config.password_length)'. Complexity requirements are set on
sec_config:
1. password_length_check
2. password_dictionary_check
3. password_lowercase_check
4. password_uppercase_check
5. password_number_check
6. password_special_character_check
7. password_username_check
Root user doesn't need to abide to the above password restrictions when
creating a new user since the latter will have to change the password and
set one of his own.
In order for a user to change one's old password, the user needs to supply
the old password apart from the new one as well.
For more details, check the below link
http://code.google.com/p/securich/wiki/Documentation
Thanks,
Suresh Kuna
MySQL DBA
On Fri, Jan 22, 2010 at 11:52 PM, Tompkins Neil <
neil.tompk...@googlemail.com> wrote:
> Hi
>
> Thanks for all the responses. In the end I opted for
> a separate UserPasswords table, which records all old passwords. When a
> user changes their password, this table is checked. NB All passwords are
> stored in SHA256.
>
> Thanks again for your advice.
>
> Regards
> Neil
>
> On Wed, Jan 20, 2010 at 12:08 PM, Jørn Dahl-Stamnes
> <sq...@dahl-stamnes.net>wrote:
>
> > On Wednesday 20 January 2010 01:10, Daevid Vincent wrote:
> > > > -----Original Message-----
> > > > From: John Meyer [mailto:john.l.me...@gmail.com]
> > > > Sent: Monday, January 18, 2010 5:04 PM
> > > > To: co...@obviouslymalicious.com; mysql@lists.mysql.com
> > > > Subject: Re: Record old passwords ?
> > > >
> > > > Although, on an OT, forcing people to not use a password that they
> > > > have recently used is a bad idea. What they eventually do is go with
> > > > something like "hometown01" "hometown02", etc. Or worse, they start
> > > > writing down their passwords which is a whole other security problem.
> > >
> > > Amen to that. At my work, they require a password change every month,
> but
> > > they store the last 6 passwords you used, so I do exactly what you say
> --
> > I
> > > have a logbook and store the same 6 passwords in it and just cycle
> them.
> > > Other "tricks" I do, is use a pattern on the keyboard and just shift
> it.
> > > None of this is secure, and I totally know it (although I'm not picking
> > > "secret" or something as my PW, it's random letters/numbers/symbols).
> But
> > I
> > > hate the policy and I'm kind of a rebel like that. ;-p
> >
> > Several years ago I worked at a place where users had to change their
> > windows
> > password every N month and they kept a long history log of used password.
> >
> > My solution to this was to write a program that asked me for my current
> > password and how many previous used password the system remembered. The
> > program worked like this:
> >
> > for (n = 0; no_of_stored_password > n; n++) {
> > set_password(random_generated_password);
> > do_a_short_sleep();
> > }
> > set_password(original_password);
> >
> > ... and the problem was solved :)
> >
> > --
> > Jørn Dahl-Stamnes
> > homepage: http://www.dahl-stamnes.net/dahls/
> >
> > --
> > MySQL General Mailing List
> > For list archives: http://lists.mysql.com/mysql
> > To unsubscribe:
> > http://lists.mysql.com/mysql?unsub=neil.tompk...@googlemail.com
> >
> >
>
--
Thanks
Suresh Kuna
MySQL DBA
