Re: Bug #6337

From: Rahul Shirsat <rahul(dot)shirsat(at)enterprisedb(dot)com>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: Bug #6337
Date: 2021-07-06 08:29:17
Message-ID: CAKtn9dPAh4O9VkzXUnRBHB_9umbiKMR1gHxXHN_ozDiKCgrhzg@mail.gmail.com
Lists: pgadmin-hackers

Hi Team,

Thank you Dave for analysing & providing the requirement for this issue.
Please find below scenarios which I have compiled.

*For INTERNAL USERS*, they would be able to reset login attempts by:

1. *Resetting password via reset link* - User has to reset password on
their own (this won't work for undeliverable email ids)

2. *Resetting only login attempts* - Admin will be able to reset only login
attempts of a particular user, so that user would try again to log in with
the same password.

3. *Resetting login attempts with reset password* - Admin will reset
password, and will share it with the user. Users would be able to log in
with this new password again.

I feel the 1st & 3rd options are reliable and good to go.

A still or wireframe for user management for Admin:

[image: user_unlock_1.png]

*For LDAP & KERBEROS:*

As per my understanding, we don't provide reset passwords for LDAP &
KERBEROS, so we can't lock those users, and let users be allowed to attempt
login as we have it currently.

Let me know if this works.

--
*Rahul Shirsat*
Senior Software Engineer | EnterpriseDB Corporation.

On Wed, May 26, 2021 at 6:16 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:

> Hi
>
> On Wed, May 26, 2021 at 1:40 PM Florian Sabonchi <sabonchi(at)posteo(dot)de>
> wrote:
>
>> Hello,
>>
>> Is someone already working on ticket #6337 or can I start working on it?
>>
>> https://redmine.postgresql.org/issues/6337
>
>
> Not as far as I know. Please feel free to work on it.
>
> Do you have a design in mind? I would suggest maybe adding a
> "login_attempts" column to the user table in the config database, and
> having a parameter in config.py to define the maximum number of login
> attempts allowed. login_attempts would be incremented for every failed
> login, and set to zero for a successful one. If its value is >= to the
> maximum in the config, login would be denied. There would also need to be
> changes to the user management dialogue to show the status for each user,
> and reset them.
>
> Thanks!
>
> --
> Dave Page
> Blog: https://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: https://www.enterprisedb.com
>
>

--
*Rahul Shirsat*
Senior Software Engineer | EnterpriseDB Corporation.
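
The counter design from the quoted message, together with admin reset options 2 and 3 and the LDAP/Kerberos exemption from the reply, as an added example (not pgAdmin's code and not written by anyone in this thread). The table layout, the `MAX_LOGIN_ATTEMPTS` name, the function names, the in-memory SQLite database and the PBKDF2 password hashing are all assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

MAX_LOGIN_ATTEMPTS = 3  # hypothetical name for the config.py parameter

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Hypothetical stand-in for the user table in the config database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (email TEXT PRIMARY KEY, auth_source TEXT,"
               " salt BLOB, pwhash BLOB, login_attempts INTEGER NOT NULL DEFAULT 0)")
    return db

def add_user(db, email, password, auth_source="internal"):
    salt = os.urandom(16)
    db.execute("INSERT INTO user VALUES (?, ?, ?, ?, 0)",
               (email, auth_source, salt, _hash(password, salt)))

def login(db, email, password):
    """Return 'ok', 'denied' or 'locked'. Only internal users are counted;
    LDAP/Kerberos rows are never matched, so they can never be locked here."""
    row = db.execute("SELECT salt, pwhash, login_attempts FROM user WHERE email = ?"
                     " AND auth_source = 'internal'", (email,)).fetchone()
    if row is None:
        return "denied"
    salt, pwhash, attempts = row
    # Check the lock before the password, so a locked account stays locked
    # even when the correct password is finally supplied.
    if attempts >= MAX_LOGIN_ATTEMPTS:
        return "locked"
    if hmac.compare_digest(_hash(password, salt), pwhash):
        db.execute("UPDATE user SET login_attempts = 0 WHERE email = ?", (email,))
        return "ok"
    # Increment inside SQL so two concurrent failures cannot lose an update.
    db.execute("UPDATE user SET login_attempts = login_attempts + 1"
               " WHERE email = ?", (email,))
    return "denied"

def admin_reset(db, email, new_password=None):
    """Option 2 (counter only) or option 3 (counter plus a new password)."""
    if new_password is not None:
        salt = os.urandom(16)
        db.execute("UPDATE user SET salt = ?, pwhash = ? WHERE email = ?",
                   (salt, _hash(new_password, salt), email))
    db.execute("UPDATE user SET login_attempts = 0 WHERE email = ?", (email,))

def is_locked(db, email):
    """Status value the user management dialogue would display per user."""
    (n,) = db.execute("SELECT login_attempts FROM user WHERE email = ?",
                      (email,)).fetchone()
    return n >= MAX_LOGIN_ATTEMPTS
```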
