Jincang database kingbasees plug-in identity_ pwdexp

Catalog

1. The plugin is introduced

2. Add plug-ins

3. Parameter configuration

4. Example

5. Uninstall plugins

1. The plugin is introduced

identity_pwdexp yes KingbaseES An extension of , Used to set password validity .
KingbaseES The user management of contains the attribute of password validity , The user password expiration check is to set the validity period of the user password , Restrict user login to the database after the user password expires , And enter the new password .
KingbaseES Check the expiration of user password through plug-in . This way is more flexible , When the user password expiration check is required in the practical scenario of the database , Just load the plug-in . When this function is not required , Just uninstall the plug-in .
KingbaseES Pass through 1 Global level parameters cooperate with the plug-in to implement the user password expiration check .

 

2. Add plug-ins

In the use of identity_pwdexp Before , You need to add it to kingbase.conf Of documents shared_preload_libraries in , And restart KingbaseES database .

3. Parameter configuration

identity_pwdexp.password_change_interval
Password validity , The unit is day ,0 Means unlimited , The value range is [0,INT_MAX], Default is 7.
Parameters can only be used in postmaster Start or by the security administrator SQL Language (alter command ) Set it up .
sentence ：Alter system set Parameter name = Parameter values ;
Run after modification select sys_reload_conf(); No need to restart the server , Effective immediately for all databases and connections .
Specify the password when creating a user , It can be done by valid until Option to specify the password validity period for this user , The specified password validity period must be later than the current time and earlier than the replacement cycle identity_pwdexp.password_change_interval Specified time .
For a user who has been successfully created and has a password , Can also pass alter Of the statement valid until Option to change the password validity , But only the security administrator has this permission , Other users cannot modify the password change cycle of themselves and others .
If it is not displayed when creating a user or modifying a user password, it can be passed valid until Option to specify the password validity period for this user , Then the system will be based on identity_pwdexp.password_change_interval The value set by the parameter will automatically calculate the password validity period .
identity_pwdexp.max_password_change_interval
Maximum password validity , The unit is day , The value range is [1,INT_MAX], Default is 30.
Parameters can only be used in postmaster Start or by the security administrator SQL Language (alter command ) Set it up .
This parameter is used to limit the setting range of password validity , When the set password validity period is greater than the maximum password validity period , The system will give an error prompt .

4. Example

5. Uninstall plugins

modify kingbase.conf In file shared_preload_libraries Restart the database after parameters .

shared_preload_libraries = ''