Does tidb-server have a feature to lock a user after incorrect password attempts, or how to implement it?

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: tidb-server有没有用户密码出错就锁定用户的功能,或者怎么实现

| username: TiDBer_pkQ5q1l0

【TiDB Usage Environment】Production Environment
【TiDB Version】5.2.1
【Reproduction Path】What operations were performed when the issue occurred
【Encountered Issue: Issue Phenomenon and Impact】
Due to security audit requirements, we need to support login failure handling. Does TiDB have this feature implemented?

| username: xingzhenxiang | Original post link

[Password Consecutive Error Login Restriction Policy]

| username: buddyyuan | Original post link

For versions below 6.5, you can only manually lock accounts by directly modifying the mysql.user table. In version 6.5, you can use the method mentioned above.

update mysql.user set account_locked ='Y' where user='test1';
select user, account_locked from mysql.user;
FLUSH PRIVILEGES;
| username: TiDBer_pkQ5q1l0 | Original post link

How to detect user password login failure in versions below 6.5?

| username: 啦啦啦啦啦 | Original post link

The password management feature is only supported starting from version 6.5. Versions below 6.5 cannot automatically restrict login based on consecutive incorrect password attempts. If you need this feature, you will have to upgrade.

| username: xingzhenxiang | Original post link

Sorry, I didn’t notice the version information.

| username: system | Original post link

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.