Re: Re : Credcheck extension

On 11/19/24 19:01, 張宸瑋 wrote:
> Thank you for your help!After applying the patch, the above issue has
> been resolved.
>
>  I have another question: After identifying who is in the banned_role,
> the GitHub example uses the command SELECT pg_banned_role_reset(); to
> unlock everyone. I would like to know if there is a way to unlock a
> specific individual rather than unlocking everyone.

It's in the docs:

https://github.com/hexacluster/credcheck?tab=readme-ov-file#examples

Authentication failure ban

"A superuser can also reset the content of the banned user cache by
calling a function named public.pg_banned_role_reset(). If it is called
without an argument, all the banned cache will be cleared. To only
remove the record registered for a single user, just pass his name as
parameter. This function returns the number of records removed from the
cache. A restart of PostgreSQL also clear the cache."

I would suggest reading the entire documentation.

>
> Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com
> <mailto:adrian(dot)klaver(at)aklaver(dot)com>>於 2024年11月20日 週三，上午12:25寫道：
>
> On 11/19/24 00:40, 張宸瑋 wrote:
> > Sorry for the inconvenience, but I used make and make install to
> build
> > the credcheck--2.8.0.sql sources zip file. I would like to ask
> how I can
> > update and apply the changes to the system, as I modified the
> files in
> > credcheck/test/expected/06_reuse_interval.out and
> > credcheck/test/sql/06_reuse_interval.sql. However, after running
> make
> > and make install again, I don’t see any changes.
>
> Pretty sure you need to do:
>
> make clean
>
> first, then the rest of the install process.
>
> That process is shown here:
>
> https://github.com/hexacluster/credcheck?tab=readme-ov-file#installation <https://github.com/hexacluster/credcheck?tab=readme-ov-file#installation>
>
>
> >
> >
> > Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com
> <mailto:adrian(dot)klaver(at)aklaver(dot)com>
> > <mailto:adrian(dot)klaver(at)aklaver(dot)com
> <mailto:adrian(dot)klaver(at)aklaver(dot)com>>>於 2024年11月18日 週一，下午
> 11:15寫道：
> >
> >     On 11/18/24 01:03, 張宸瑋 wrote:
> >      > Hello!
> >      >    I would like to inquire about the installation of the
> credcheck
> >      > third-party package to support password complexity and
> expiration
> >     date,
> >      > etc., when setting up open-source PostgreSQL. I am using the
> >      > credcheck--2.8.0.sql version from GitHub. After completing the
> >     setup, I
> >      > encountered the following issue: when an account exceeds the
> >     configured
> >      > number of incorrect login attempts, it gets locked. The
> command
> >     SELECT *
> >      > FROM pg_banned_role; should display the columns roleid,
> >     failure_count,
> >      > and banned_date, and the view is working properly and
> shows the
> >      > information. However, according to the example, the roleid
> does not
> >      > correctly display the corresponding oid for the account
> with failed
> >      > login attempts. I would like to ask if there is a solution
> for this
> >      > issue. Thank you!
> >
> >     Have you looked a?:
> >
> > https://github.com/HexaCluster/credcheck/issues/39
> <https://github.com/HexaCluster/credcheck/issues/39>
> >     <https://github.com/HexaCluster/credcheck/issues/39
> <https://github.com/HexaCluster/credcheck/issues/39>>
> >
> >     --
> >     Adrian Klaver
> > adrian(dot)klaver(at)aklaver(dot)com <mailto:adrian(dot)klaver(at)aklaver(dot)com>
> <mailto:adrian(dot)klaver(at)aklaver(dot)com <mailto:adrian(dot)klaver(at)aklaver(dot)com>>
> >
>
> --
> Adrian Klaver
> adrian(dot)klaver(at)aklaver(dot)com <mailto:adrian(dot)klaver(at)aklaver(dot)com>
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com