Lock User Account upon Login Failures with PAM Authentication Plugin (Doc ID 2254651.1)

Last updated on MAY 04, 2017

Applies to:

MySQL Server - Version 5.5 and later
Information in this document applies to any platform.

Goal

As of MySQL 5.5, MySQL Enterprise Edition includes PAM authentication plugin, which outsource authentication to PAM libraries which is installed on the host. PAM has an ability to block further logins when certain times of login attempt fails. Combining this capability and PAM authentication plugin allows to MySQL Server to block login attempts for user account which failed certain times. Failed logins may be a symptom of unauthorized access from attackers. So, locking account will make your MySQL Server more secure. But be careful that it will block login attempts from your applications, too, once the user account is locked due to login failures.
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms