How Do I Unlock an Account?

Symptom

The account has been locked is displayed when an account attempts to access a cluster.

Possible Causes

When you connect to a database in a cluster, if the number of consecutive incorrect password attempts reaches the upper limit, the account will be locked. The number of incorrect password attempts is specified by the GUC parameter failed_login_attempts, and the default value is 10.

You can view audit logs to locate the cause of account locking. For details, see Account Still Locked After Password Resetting.

Method for Unlocking the Administrator (dbadmin by Default)

You can log in to the GaussDB(DWS) management console to reset the administrator password. When the password is reset, the account is automatically unlocked. On the console, go to the Clusters page, locate the required cluster, and choose More > Reset Password.

Method for Unlocking Common Database Users

Connect to the database as the administrator (dbadmin by default) and run the following command to unlock a database user (replace user_name with the name of the locked user).

1
2

gsql -d gaussdb -p 8000 -U dbadmin -W Password -h Cluster IP address
ALTER USER user_name ACCOUNT UNLOCK;

Setting the Number of Times of Failed Login

You can set the maximum number of incorrect password attempts by configuring the failed_login_attempts parameter on the Parameter Modifications tab of the cluster. When failed_login_attempts is set to 0, the number of incorrect password attempts is unlimited. You are not advised to set failed_login_attempts to 0.

Perform the following steps:

1. Log in to the GaussDB(DWS) management console.
2. In the navigation tree on the left, click Clusters.
3. In the cluster list, find the target cluster and click the cluster name. The Basic Information page is displayed.
4. Enter the Parameter Modifications tab page, locate the failed_login_attempts parameter, change its value, and click Save. After confirming the modification, click Save.

   

Setting the Time for Automatically Unlocking a Locked Account

After an account is locked, you can set the password_lock_time parameter to specify the automatic unlocking time. When the locking time exceeds the value of password_lock_time, the account is automatically unlocked. The integral part of the value of the password_lock_time parameter indicates the number of days and its decimal part can be converted into hours, minutes, and seconds.

Perform the following steps:

1. Log in to the GaussDB(DWS) management console.
2. In the navigation tree on the left, click Clusters.
3. In the cluster list, find the target cluster and click the cluster name. The Basic Information page is displayed.
4. Enter the Parameter Modifications tab page, locate the password_lock_time parameter, change its value, and click Save. After confirming the modification, click Save.