Bug #77277 default_password_lifetime should be set to 0 as the implicit default value
Submitted: 9 Jun 2015 9:45 Modified: 12 Jan 2016 16:47
Reporter: Tsubasa Tanaka (OCA)
Status: Closed
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version:5.7.7 OS:Any
Assigned to: CPU Architecture:Any

[9 Jun 2015 9:45] Tsubasa Tanaka
Description:
This is a feature request.

The server variable "default_password_lifetime" was introduced in 5.7.4.

http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_default_passwor...

Its implicit default value is "360", but that is too dangerous a value for users who are not MySQL experts.
Because 5.6 and earlier releases don't have such a password-lifetime implementation, there is little information about this new feature.

Password expiration will stop applications.

How to repeat:
1. Newbie and/or lightweight users install 5.7.
2. They set up accounts without knowing about default_password_lifetime.
3. After 360 days, their applications stop.

Suggested fix:
1. Set the default value of default_password_lifetime to "0".

And/or

2. Inform via the error log and/or a returned warning, "this account's password is about to expire", when the time is near the end of its lifetime.
[11 Jun 2015 1:59] Tsubasa Tanaka
This is a reflection of my blog post about "default_password_lifetime's default is 360".

http://b.hatena.ne.jp/entry/yoku0825.blogspot.com/2015/06/mysql-574defaultpasswordlifetime...

There are over 500 people interested in this parameter.

We strongly hope MySQL accepts my suggestion no. 1, setting the default value of default_password_lifetime to "0".
[19 Jun 2015 5:58] MySQL Verification Team
Hello Tsubasa-San,

Thank you for the feature request.

Thanks,
Umesh
[5 Oct 2015 13:43] Simon Mudd
I agree.

Also consider the situation when upgrading existing systems to 5.7 from 5.6. It might be possible that you have a 5.6 master and 5.7 slaves running for 360 days (yes, it might happen and may depend on when the slave was first converted to 5.7 from 5.6).

This potentially opens a time-bomb which won't bite you for 1 year and may hit a large number of systems at the same time. If the master still runs 5.6 then you can't fix the slaves by replication but would have to go and fix each slave manually.
[12 Jan 2016 16:47] Paul DuBois
Noted in 5.7.11, 5.8.0 changelogs.

The default value of the default_password_lifetime system variable
that controls the global password expiration policy has been changed
from 360 (360 days) to 0 (no password expiration). The default of 360
sometimes took people by surprise when account passwords expired a
year after upgrading to MySQL 5.7. To continue to use a value other
than 0 as the password expiration, start the server with an explicit
setting for default_password_lifetime. For example, use these lines
in an option file:

[mysqld]
default_password_lifetime=360
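The changelog entry above documents the global setting only. In practice the question an operator has, both for the replica time-bomb Simon Mudd describes and after the 5.7.11 default change, is "which accounts on this server are going to expire, and when?". The SQL below is an added example and is not part of the bug report or of MySQL's own documentation. It assumes a MySQL 5.7 server and the 5.7 layout of mysql.user (columns password_last_changed, password_lifetime, password_expired); the account names 'app'@'10.0.0.%' and 'dba'@'localhost' in the ALTER USER statements are hypothetical placeholders.

```sql
-- Added example (not from the bug report): audit which accounts are subject to
-- the global default_password_lifetime policy and when each one is due to expire.
-- Assumes MySQL 5.7's mysql.user columns: password_last_changed,
-- password_lifetime, password_expired.

-- 1. Inspect the global policy. 0 = passwords never expire under the global
--    policy; N > 0 = expire N days after password_last_changed.
SHOW GLOBAL VARIABLES LIKE 'default_password_lifetime';

-- 2. Per-account expiry report.
--    password_lifetime NULL  -> account follows the global default
--    password_lifetime 0     -> never expires (per-account override)
--    password_lifetime N     -> N days (per-account override)
--    password_last_changed can be NULL on accounts created before the upgrade
--    if mysql_upgrade has not been run; those rows show expires_on = NULL.
SELECT
    CONCAT(QUOTE(User), '@', QUOTE(Host))                               AS account,
    password_expired,
    password_last_changed,
    password_lifetime                                                    AS per_account_days,
    COALESCE(password_lifetime, @@GLOBAL.default_password_lifetime)     AS effective_days,
    CASE
        WHEN COALESCE(password_lifetime, @@GLOBAL.default_password_lifetime) = 0
            THEN NULL
        ELSE password_last_changed
             + INTERVAL COALESCE(password_lifetime,
                                 @@GLOBAL.default_password_lifetime) DAY
    END                                                                  AS expires_on,
    CASE
        WHEN COALESCE(password_lifetime, @@GLOBAL.default_password_lifetime) = 0
            THEN NULL
        ELSE DATEDIFF(password_last_changed
                      + INTERVAL COALESCE(password_lifetime,
                                          @@GLOBAL.default_password_lifetime) DAY,
                      NOW())
    END                                                                  AS days_left
FROM mysql.user
ORDER BY days_left IS NULL, days_left;   -- soonest-to-expire first, "never" last

-- 3. Pin the policy per account so that application logins cannot be locked
--    out by a later change of the global default, and give interactive accounts
--    an explicit rotation interval. Account names here are hypothetical.
ALTER USER 'app'@'10.0.0.%'   PASSWORD EXPIRE NEVER;
ALTER USER 'dba'@'localhost'  PASSWORD EXPIRE INTERVAL 90 DAY;

-- 4. Change the server-wide default for the running instance. This is not
--    persistent across restarts; pair it with the option-file setting from the
--    changelog entry. On a 5.7 replica of a 5.6 master this has to be run on
--    each replica directly, since the master cannot issue it.
SET GLOBAL default_password_lifetime = 0;
```

Run step 2 on every 5.7 server in the topology, not just the master: the expiry clock is per server and is driven by that server's own password_last_changed and its own global variable, so two replicas converted on different dates will expire the same account on different days.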
[12 Jan 2016 17:43] Morgan Tocker
On behalf of the MySQL team, thank you for the feedback in response to this feature request.  We agree with the original bug reporter that the default of 360 is surprising for users upgrading from previous releases of MySQL.  In response the default has been changed to zero, as of MySQL 5.7.11.

We do however continue to see value in setting a value > 0, as our goal is to be secure by default, without any additional changes required:
http://mysqlserverteam.com/secure-by-default-in-mysql-5-7/

That is to say that we may look at changing the new 5.7.11 default of zero, to a non-zero version in a future release.  We encourage feedback as to how we could make this transition less surprising.  I have created a feature request (Bug #79939) for a startup warning, but there is still room for additional suggestions.