Bug #74880 Record last login timestamp per user
Submitted: 16 Nov 2014 10:17 Modified: 13 Jan 2018 18:52
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version:5.7 OS:Any
Assigned to: CPU Architecture:Any

[16 Nov 2014 10:17] Daniël van Eeden 
Description:
It would be helpfull if I could make a list of users which didn't login to the system for x days. This helps with removing old unused accounts.

It can also be used for security:
 - I login and get to see my last login was earlier today
 - I know this is my first login of the day...so someone authenticated as me without my knowledge.

The increased security from displaying the last login to the user is very minimal, but removal of unused accounts can be very beneficial for security as those accounts might use pre-4.1 passwords hashes which prohibit the DBA from setting secure_auth=1.

How to repeat:
See description
[16 Nov 2014 11:59] Daniël van Eeden 
In performance_schema this is already recorded on a per-IP basis (except for ::1, 127.0.0.1, UNIX sockets and probably named pipes on Windows)

mysql [performance_schema] > SELECT IP, HOST, FIRST_SEEN, LAST_SEEN FROM host_cache;
+--------------+------+---------------------+---------------------+
| IP           | HOST | FIRST_SEEN          | LAST_SEEN           |
+--------------+------+---------------------+---------------------+
| 192.168.1.10 | NULL | 2014-11-16 12:05:52 | 2014-11-16 12:05:58 |
+--------------+------+---------------------+---------------------+
1 row in set (0.00 sec)
[20 Nov 2014 10:43] Georgi Kodinov 
Thank you for the reasonable feature request.
[13 Jan 2018 18:52] Daniël van Eeden 
Duplicate of:
Bug #2682 	When MySQL user last logged into MySQL server.