This article is shared from the HUAWEI CLOUD community "How to ensure your DWS data is more secure" Using DWS clusters, how to unlock users who are locked? ", Author: Shirley_Dou.
1. The administrator user is locked, how to break it? gsql: FATAL: The account has been locked.
1. Resetting the cluster password can be automatically unlocked. On the cluster management page, find the corresponding cluster reset password
2. Use the reset password to connect to the database
2. Get ordinary users to unlock new skills
1. Before unlocking, first query and confirm the status of all current users
rolstatus:
• 0: Normal status.
• 1: Locked for a certain period of time because the number of failed logins exceeds the threshold.
• 2: Locked by administrator.
2. Use the administrator user to connect to the database, and then execute the following command to unlock
3. GUC parameter setting
For security reasons, GaussDB (DWS) manages account passwords through the following GUC parameters in the cluster parameters. In the management console, click the cluster name and switch to the "Parameter Modification" page to modify parameters
• failed_login_attempts: The number of times the password is entered incorrectly (recommended value is 10). If the value exceeds the set value, the database account will be automatically locked, which can be unlocked through the second method above.
• password_effect_time: The validity period of the account password (90 days by default), which can be modified with ALTER USER after connecting to the database.
•password_lock_time: The time to automatically unlock the account after it is locked (the default value is 1 day, and the value is 0~365 days)
∗ 0 means that when the password verification fails, the automatic lock function will not take effect.
∗ A positive number means that after the account is locked, the account will be automatically unlocked when the lock time exceeds the value set by password_lock_time.
4. Password setting and modification
1. It is recommended that system administrators and ordinary users should change their passwords regularly to avoid illegal theft of account passwords.
Use the administrator user to connect to the database and execute the following command:
ALTER USER user1 IDENTIFIED BY 'newpassword' REPLACE 'oldpassword';
2. Administrators can modify their own or ordinary user passwords.
By modifying the passwords of other accounts, solve the problem of being unable to log in due to the loss of user passwords.
ALTER USER joe IDENTIFIED BY 'password';
3. Password verification
Password verification is required when setting the user and role for the current session. If the input password is inconsistent with the user's stored password, an error will be reported.
SET ROLE joe PASSWORD 'password'; SET ROLE
Click to follow and learn about Huawei Cloud's fresh technologies for the first time~
The country's first IDE that supports multi-environment development——CEC-IDE Microsoft has integrated Python into Excel, and Uncle Gui participated in the framework formulation. Chinese programmers refused to write gambling programs and were pulled out 14 teeth, with 88% body damage . Podman Desktop, an open-source imitation Song font, breaks through 500,000 downloads. Automatically skips opening screen advertisements. The application "Li Tiao Tiao" stops updating indefinitely. There is a remote code execution vulnerability Xiaomi filed mios.cn website domain name