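HighGo Database User Password Security Policy
Users created in HighGo have a validity period by default: the defaults allow only 5 failed login attempts and a 7-day password validity period.
Log in as administrator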
$ psql -U highgo -d highgo
highgo=#
View the security policy configuration
highgo=# select show_secure_param();
show_secure_param
---------------------------------------
hg_idcheck.pwdlock = 5 time(s), +
hg_idcheck.pwdlocktime = 24 hour(s), +
hg_idcheck.pwdvaliduntil = 7 day(s), +
View a user's password expiry (you must log in with an administrator account)
$ psql -U highgo -d highgo
highgo=# select * from pg_shadow where usename='test';
usename | usesysid | usecreatedb | usesuper | userepl | usebypassrls | passwd | valuntil | useconfig
---------+----------+-------------+----------+---------+--------------+-------------------------------------+-------------------------------+-----------
test | 16384 | f | f | f | f | md5986bd3b1dd894221851efd79376f7d8a | 2021-10-22 02:54:43.356614+08 |
Unlocking after the password has expired
Method 1) Log in as an administrator and unlock the specific locked user
$ psql -U highgo
highgo=# select user_unlock('test');
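Method 2) The user logs in locally and changes their own password with alter; the validity period is then reset automatically. Changing the user's password therefore also has the effect of unlocking the account.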
$ psql -U test -d testdb01
testdb01=> alter user test with encrypted password 'xxx';
highgo=# select * from pg_shadow where usename='test';
usename | usesysid | usecreatedb | usesuper | userepl | usebypassrls | passwd | valuntil | useconfig
---------+----------+-------------+----------+---------+--------------+-------------------------------------+-------------------------------+-----------
test | 16384 | f | f | f | f | md53f666a86359cee35648f33918c41aae9 | 2021-10-22 18:23:10.041647+08 |
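It is best to review and change the default security policy right after initdb completes, because the default password expiry is only 7 days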
$ psql -U highgo
select show_secure_param();
select set_secure_param('hg_idcheck.pwdlock','10');
select set_secure_param('hg_idcheck.pwdlocktime','2D');
select set_secure_param('hg_idcheck.pwdvaliduntil','365');
highgo=# select show_secure_param();
show_secure_param
-----------------------------------------
hg_idcheck.pwdlock = 10 time(s), +
hg_idcheck.pwdlocktime = 2 day(s), +
hg_idcheck.pwdvaliduntil = 365 day(s), +
To change the validity period for an existing user:
alter user highgo with valid until '2025-12-30';
alter user test with valid until '2022-12-30';
highgo=# select * from pg_shadow where usename='test' or usename='highgo';
usename | usesysid | usecreatedb | usesuper | userepl | usebypassrls | passwd | valuntil | useconfig
---------+----------+-------------+----------+---------+--------------+-------------------------------------+------------------------+-----------
highgo | 10 | t | t | t | t | md5233ff6aa4fd7d77a02f8650fbbcb72c7 | 2025-12-30 00:00:00+08 |
test | 16384 | f | f | f | f | md53f666a86359cee35648f33918c41aae9 | 2022-12-30 00:00:00+08 |
Set the password to never expire
alter user highgo with valid until 'infinity';
highgo=# select * from pg_shadow where usename='test' or usename='highgo';
usename | usesysid | usecreatedb | usesuper | userepl | usebypassrls | passwd | valuntil | useconfig
---------+----------+-------------+----------+---------+--------------+-------------------------------------+------------------------+-----------
test | 16384 | f | f | f | f | md53f666a86359cee35648f33918c41aae9 | 2022-12-30 00:00:00+08 |
highgo | 10 | t | t | t | t | md5233ff6aa4fd7d77a02f8650fbbcb72c7 | infinity |
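An audit query over the same pg_shadow columns shown above, added here as an example and not part of the original post. It classifies every account by password expiry and stored hash format. The 7-day warning window and the treatment of a NULL valuntil as "never expires" (stock PostgreSQL semantics) are assumptions.

```sql
-- Added example: audit password expiry and hash format for all login users.
-- Run as an administrator; pg_shadow is not readable by ordinary users.
-- Assumption: NULL valuntil means no expiry, as in stock PostgreSQL.
-- Assumption: 7 days is the warning window; adjust to your own policy.
SELECT usename,
       usesuper,
       valuntil,
       CASE
           WHEN valuntil IS NULL OR valuntil = 'infinity'
               THEN 'never expires'
           WHEN valuntil < now()
               THEN 'expired'
           WHEN valuntil < now() + interval '7 days'
               THEN 'expires within 7 days'
           ELSE 'ok'
       END AS expiry_status,
       CASE
           WHEN passwd IS NULL                 THEN 'no password'
           WHEN passwd LIKE 'md5%'             THEN 'md5'
           WHEN passwd LIKE 'SCRAM-SHA-256$%'  THEN 'scram-sha-256'
           ELSE 'other'
       END AS hash_format
FROM pg_shadow
-- Non-expiring accounts first, then the soonest expiry dates.
ORDER BY (valuntil IS NULL OR valuntil = 'infinity') DESC, valuntil;
```

Superuser accounts reported as 'never expires' and accounts still stored as 'md5' are the rows worth reviewing first.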
————————————————
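Copyright notice: This is an original article by CSDN blogger "sunny05296", licensed under CC 4.0 BY-SA. When reposting, please include the link to the original source and this notice.
Original link: https://blog.csdn.net/sunny05296/article/details/120780379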