If the Harbor service fails to log in after restarting, the password must be correct, but it cannot be logged in. Because it is deployed on the intranet and cannot be retrieved using mailboxes, measures are changed directly in the Harbor database. The following is the content of the notes.
There is no doubt that we can only enter the background mysql of the harbor to modify it, but the data found that the password of the mysql in the harbor is the pbkdf2 algorithm, the hash function called is Sha1, iterated 4096 times, and the key length is 16 bits int Obtained, so you can't update with a plain text password, you must calculate the key through an algorithm, and then update can be successful.
The following is the key calculation algorithm, the calculation of the plain text is 123QWEqwe, the salt value is gktqer4zml32472wmht9xeuixvg5pvjd, the number of iterations is 4096, the key length is 16 bits
The running environment is python2 version. Note: The module name of python 3 has been modified, and an error will be reported when running.
import hmac import hashlib from struct import Struct from operator import xor from itertools import izip, starmap _pack_int = Struct('>I').pack def pbkdf2_hex(data, salt, iterations=4096, keylen=16, hashfunc=None): return pbkdf2_bin(data, salt, iterations, keylen, hashfunc).encode('hex') def pbkdf2_bin(data, salt, iterations=4096, keylen=16, hashfunc=None): hashfunc = hashfunc or hashlib.sha1 mac = hmac.new(data, None, hashfunc) def _pseudorandom(x, mac=mac): h = mac.copy() h.update(x) return map(ord, h.digest()) buf = [] for block in xrange(1, -(-keylen // mac.digest_size) + 1): rv = u = _pseudorandom(salt + _pack_int(block)) for i in xrange(iterations - 1): u = _pseudorandom(''.join(map(chr, u))) rv = starmap(xor, izip(rv, u)) buf.extend(rv) return ''.join(map(chr, buf))[:keylen] rv = pbkdf2_hex('123QWEqwe', 'gktqer4zml32472wmht9xeuixvg5pvjd', 4096, 16) print(rv)
Run the python file directly after modifying the clear text password and salt value
# python xx.py
500026b9f02e84d1f41e7546b9b2d524
Start to modify the harbor password now
docker exec -it b07b3206fea5 /bin/bash
psql (9.6.14)
Type "help" for help.
postgres=# help
You are using psql, the command-line interface to PostgreSQL.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
postgres = # psql -U postgres -d postgres -h 127.0.0.1 -p 5432 # Enter psttsql client
postgres=# \c registry #进入registry 数据库
You are now connected to database "registry" as user "postgres".
postgres = # select * from harbor_user; #Query all users
# Update the user password password will be the encrypted password, salt is the salt value, which is displayed according to the select query result
postgres = # update harbor_user set password = '500026b9f02e84d1f41e7546b9b2d524', salt = 'oafrcwi1rh83bem3cnfldltaw4cf9pqm' where username = 'admin';
postgres = # \ q #exit postsql database