Updated on 2024-11-29 GMT+08:00

Locking and Unlocking a User

The system supports automatic user lock and allows you to lock or unlock users. When the number of failed password attempts exceeds a specified value, the system automatically locks the user. When the lock duration exceeds a specified value, the system automatically unlocks the user.

By default, a user is automatically locked if the number of failed password attempts exceeds 10 (failed_login_attempts) and is automatically unlocked after one day (password_lock_time). To change these values, or to lock or unlock a user manually, perform the following operations:

Configuring User Lock

  1. Log in as the OS user omm to the primary node of the database.
  2. Run the following command to load the environment variables:

    source ${MOTSERVER_HOME}/.motservice_profile

  3. Connect to the database.

    gsql -d postgres -p 20105 -W <Database password>

  4. Check the lock parameter values.

    • Check the maximum number of failed password attempts for locking a user.

      SHOW failed_login_attempts;

    • Check the maximum lock duration.

      SHOW password_lock_time;

  5. Run the following commands to configure the parameters:

    • Maximum number of failed password attempts for locking a user

      gs_guc reload -D $GAUSSDATA -c "failed_login_attempts=<Maximum number of failed password attempts>"

    • Maximum lock duration

      gs_guc reload -N all -I all -c "password_lock_time=<Maximum lock duration>"

  • failed_login_attempts: number of failed password attempts. The default value is 10. The value ranges from 0 to 1000. If this parameter is set to 0, the user lock is disabled.
  • password_lock_time: lock duration. By default, a locked user will be unlocked in one day. The integer part of the value indicates the number of days, and the decimal part is converted into hours, minutes, and seconds. For example, password_lock_time=1.5 indicates one day and 12 hours. If this parameter is set to 0, the user lock is disabled.

The user lock function works only when both parameters are set to positive values. You can set the parameters as required to improve security. You are advised to retain the default values.
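
The parameter rules above (a value of 0 disables locking, failed_login_attempts ranges from 0 to 1000, and the decimal part of password_lock_time is a fraction of a day) can be checked with a small shell helper. This is an added example, not part of the product documentation: the function names audit_lock_policy and lock_time_to_dhms are hypothetical, and the two arguments are assumed to be the values reported by the SHOW commands above.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Arguments are the values
# reported by SHOW failed_login_attempts and SHOW password_lock_time.

# Convert a password_lock_time value (days, fraction allowed) to d/h/m/s.
lock_time_to_dhms() {
    awk -v d="$1" 'BEGIN {
        s = int(d * 86400 + 0.5)   # total seconds, rounded
        printf "%dd %02dh %02dm %02ds\n",
            int(s / 86400), int((s % 86400) / 3600), int((s % 3600) / 60), s % 60
    }'
}

# audit_lock_policy ATTEMPTS LOCK_DAYS
# Returns 0 if automatic locking is active, 1 if disabled, 2 on invalid input.
audit_lock_policy() {
    attempts=$1
    days=$2
    case $attempts in
        ''|*[!0-9]*) echo "INVALID: failed_login_attempts must be an integer"; return 2 ;;
    esac
    case $days in
        ''|.|*[!0-9.]*|*.*.*) echo "INVALID: password_lock_time must be a non-negative number"; return 2 ;;
    esac
    if [ "$attempts" -gt 1000 ]; then
        echo "INVALID: failed_login_attempts outside 0-1000"; return 2
    fi
    # Either parameter set to 0 disables the user lock.
    if [ "$attempts" -eq 0 ]; then
        echo "DISABLED: failed_login_attempts=0"; return 1
    fi
    if awk -v d="$days" 'BEGIN { exit !(d == 0) }'; then
        echo "DISABLED: password_lock_time=0"; return 1
    fi
    echo "ACTIVE: lock after more than $attempts failed attempts, unlock after $(lock_time_to_dhms "$days")"
}

# Constructed sample input: the default values stated on this page.
audit_lock_policy 10 1
```

A non-zero return code makes the helper usable in a configuration audit script that must fail when automatic locking has been switched off.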

Locking and Unlocking a User

  1. Log in as the OS user omm to the primary node of the database.
  2. Run the following command to load the environment variables:

    source ${MOTSERVER_HOME}/.motservice_profile

  3. Connect to the database.

    gsql -d postgres -p 20105 -W <Database password>

  4. Lock or unlock a user.

    • Run the following command to lock a user:

      openGauss=# ALTER USER <User to be locked> ACCOUNT LOCK;

      ALTER ROLE

    • Run the following command to unlock a user:

      openGauss=# ALTER USER <User to be unlocked> ACCOUNT UNLOCK;

      ALTER ROLE