Bug #75789 Show dictionary status for validate_password plugin
Submitted: 5 Feb 2015 10:00
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Open Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version:5.6.21 OS:Any
Assigned to: CPU Architecture:Any
Tags: password, plugin, policy, validate, validate_password

[5 Feb 2015 10:00] Daniël van Eeden
Description:
If the dictionary file is too big or otherwise unavailable this status should be made available via SQL.

Now it seems to be configured correctly (filename is set and readable and policy is set to STRONG), but it won't actually work.

How to repeat:
mysql> SHOW SESSION VARIABLES LIKE 'validate%';
+--------------------------------------+-----------------------+
| Variable_name                        | Value                 |
+--------------------------------------+-----------------------+
| validate_password_dictionary_file    | /usr/share/dict/words |
| validate_password_length             | 8                     |
| validate_password_mixed_case_count   | 1                     |
| validate_password_number_count       | 1                     |
| validate_password_policy             | STRONG                |
| validate_password_special_char_count | 1                     |
+--------------------------------------+-----------------------+
6 rows in set (0.00 sec)

mysql> SHOW GLOBAL STATUS LIKE '%validate%';
Empty set (0.00 sec)

mysql> \! grep validate_password /var/log/mysqld.log
2015-02-05 10:39:07 13074 [Warning] Plugin validate_password reported: 'Dictionary file size exceed'

Suggested fix:
mysql> SHOW GLOBAL STATUS LIKE 'validate_password_dictionary_status';
+-------------------------------------+-----------------+
| Variable_name                       | Value           |
+-------------------------------------+-----------------+
| validate_password_dictionary_status | FAILED_TOO_BIG  |
+-------------------------------------+-----------------+
1 rows in set (0.00 sec)