Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tDbwr-001z39-5R
	for pgsql-general@arkaria.postgresql.org; Wed, 20 Nov 2024 04:04:13 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tDbwo-001vmD-TC
	for pgsql-general@arkaria.postgresql.org; Wed, 20 Nov 2024 04:04:10 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1tDbwn-001vm2-Dp
	for pgsql-general@lists.postgresql.org; Wed, 20 Nov 2024 04:04:10 +0000
Received: from fhigh-a4-smtp.messagingengine.com ([103.168.172.155])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1tDbwj-002rLN-KA
	for pgsql-general@lists.postgresql.org; Wed, 20 Nov 2024 04:04:08 +0000
Received: from phl-compute-02.internal (phl-compute-02.phl.internal [10.202.2.42])
	by mailfhigh.phl.internal (Postfix) with ESMTP id A586D11401EB;
	Tue, 19 Nov 2024 23:04:03 -0500 (EST)
Received: from phl-mailfrontend-02 ([10.202.2.163])
  by phl-compute-02.internal (MEProxy); Tue, 19 Nov 2024 23:04:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h=
	cc:cc:content-transfer-encoding:content-type:content-type:date
	:date:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm2; t=1732075443;
	 x=1732161843; bh=eINwVQO+ErPpuADAovfQ6vir2eeXMgMgx9FYzv1wzNo=; b=
	UbJsGAxtJFTf56aO8CMsiPj1cjEjSBrk9X0Nli/zCsKG9iqL1spm8a9UZtZhfit+
	OaHRu5vcM/Z6NKduAP2k/DzNGj0vB6eqUZhU4zcYQS0BU3pQ6t66DIG76lJpg6A3
	BLkVHExgSEpQfdi2h+KQnsozDxTovpo2yGpjKuNhx/ZDCSbsiGPxEZO7nlTATmWu
	yv7J3MDBlqdmxkUHZXEeSuWzAq/gjmH4bm2eTb4Ru/mzi2Xe1xfoGl2BcDs8RabG
	NR5HNsnWbqO6d9p53rnZysB4dtGTFSggE94q+Dh5+WnLgA3uS0CcgbMqEQGqEfNC
	iWA118Nuh6bbaOHAjzKSXQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-transfer-encoding
	:content-type:content-type:date:date:feedback-id:feedback-id
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1732075443; x=
	1732161843; bh=eINwVQO+ErPpuADAovfQ6vir2eeXMgMgx9FYzv1wzNo=; b=O
	ICyxjBp/Yg6j9CE+iqHKNRxfeUe7FR12iBUqP2Dx14QHuOLVfCMN3OHBy6s2eIMU
	c961bY0YAzYc+0rSCAJ5UXYFiqWB5fF/tE9oZ2eBgeHg+7dvRY36JyTBygz5xiDZ
	AhnQO8IpAGlv8zfDPz15guwpApx68wTOy6S9UzaGvFnkvPOx3Ta52uBzFL5QNgNq
	PuvE6DDaKdUqb21zMQqFfvUnFHnxdCt0qGbVyXg+ENbWH9EbsWFIu5dcUSfaYaDX
	J4dtlTDmFXxme2Bg7KJ49YVyOaB+/IyBJPRYjqH+A1JE5m8ySOR2NzGb0iOqB6II
	dMpfhkjoF+V+bR7+6S97w==
X-ME-Sender: <xms:s189ZyhRSvu8Bu7FJVaRjqeUP5Dxc5mnWtdwGAcAEafOwedTkt84wg>
    <xme:s189ZzCaZIzr3TxQsPgK6U6GjIMrG3QmpYrmESbtYobIlH5ITRQq8fY6zEj2BLMXs
    cq4m6ein5omtb8>
X-ME-Received: <xmr:s189Z6Ee_eReOT6BEjeTjnIYaZjWGURSiAPyrjKu0c1oXkYJjX9ewU4dnM5c9BBGLFOC18MobMjKqO4sY-u9L5TnwI9JsK58>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrfeefgdeihecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdpuffr
    tefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfuf
    fvvehfhfgjtgfgsehtkeertddtvdejnecuhfhrohhmpeetughrihgrnhcumfhlrghvvghr
    uceorggurhhirghnrdhklhgrvhgvrhesrghklhgrvhgvrhdrtghomheqnecuggftrfgrth
    htvghrnhepfedvudevudegteegveejleeuueefhffggfeijeffvdeuiedugfelfeejveeg
    geeinecuffhomhgrihhnpehgihhthhhusgdrtghomhenucevlhhushhtvghrufhiiigvpe
    dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrughrihgrnhdrkhhlrghvvghrsegrkhhl
    rghvvghrrdgtohhmpdhnsggprhgtphhtthhopedvpdhmohguvgepshhmthhpohhuthdprh
    gtphhtthhopehkvghnnhihtddvtdeftdejsehgmhgrihhlrdgtohhmpdhrtghpthhtohep
    phhgshhqlhdqghgvnhgvrhgrlheslhhishhtshdrphhoshhtghhrvghsqhhlrdhorhhg
X-ME-Proxy: <xmx:s189Z7QcmggrcuiJIGWQ4yU2JpvDQDdL1qZNpb8vgCE13EyEAOyxJA>
    <xmx:s189Z_y0m-lv_8x4jrDI9HdGQNOz8SuOOjl962135qzIPxM5nH2_fQ>
    <xmx:s189Z54THT0oPQRvPU5u4JBCjQwJJCugcov1x4Ch2GlpnGqzSlhJEw>
    <xmx:s189Z8zfRrEL_O2Y1LoE56tz4cWukbDDdRilnq5ePr93lNDh-YiaZA>
    <xmx:s189Z6_lsTt8507aqzdgCo4pidpVTKHbkkEKa0BF_riGJ6c57LxqgBHd>
Feedback-ID: i76984098:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 19 Nov 2024 23:04:02 -0500 (EST)
Message-ID: <7870eb0d-6092-44df-9c88-4ba498e14de2@aklaver.com>
Date: Tue, 19 Nov 2024 20:04:02 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Re : Credcheck extension
To: =?UTF-8?B?5by15a6455GL?= <kenny020307@gmail.com>
Cc: pgsql-general@lists.postgresql.org
References: <CAFsaSDg3oCwP=Oq7Ej7=PLLHy6_5sUn65LwrQFxw0MvEwm=uAA@mail.gmail.com>
 <bc81b050-b072-4e09-aac6-be57ca4a0df1@aklaver.com>
 <CAFsaSDgHR5mNZAsMUP-_y7Dj2bh572pgFNmLjxR5k5CJV-UmkQ@mail.gmail.com>
 <3b615ed5-1186-46f2-92bd-363b9b7769a6@aklaver.com>
 <CAFsaSDiG9PQXUZZzw2k8TukTKHGDTRK4s6R1wXY-rLUp0NzRcw@mail.gmail.com>
Content-Language: en-US
From: Adrian Klaver <adrian.klaver@aklaver.com>
In-Reply-To: <CAFsaSDiG9PQXUZZzw2k8TukTKHGDTRK4s6R1wXY-rLUp0NzRcw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/7870eb0d-6092-44df-9c88-4ba498e14de2%40aklaver.com>
Precedence: bulk

On 11/19/24 19:01, 張宸瑋 wrote:
> Thank you for your help!After applying the patch, the above issue has 
> been resolved.
> 
>   I have another question: After identifying who is in the banned_role, 
> the GitHub example uses the command SELECT pg_banned_role_reset(); to 
> unlock everyone. I would like to know if there is a way to unlock a 
> specific individual rather than unlocking everyone.

It's in the docs:

https://github.com/hexacluster/credcheck?tab=readme-ov-file#examples

Authentication failure ban

"A superuser can also reset the content of the banned user cache by 
calling a function named public.pg_banned_role_reset(). If it is called 
without an argument, all the banned cache will be cleared. To only 
remove the record registered for a single user, just pass his name as 
parameter. This function returns the number of records removed from the 
cache. A restart of PostgreSQL also clear the cache."

I would suggest reading the entire documentation.

> 
> Adrian Klaver <adrian.klaver@aklaver.com 
> <mailto:adrian.klaver@aklaver.com>>於 2024年11月20日 週三，上午12:25寫道：
> 
>     On 11/19/24 00:40, 張宸瑋 wrote:
>      > Sorry for the inconvenience, but I used make and make install to
>     build
>      > the credcheck--2.8.0.sql sources zip file. I would like to ask
>     how I can
>      > update and apply the changes to the system, as I modified the
>     files in
>      > credcheck/test/expected/06_reuse_interval.out and
>      > credcheck/test/sql/06_reuse_interval.sql. However, after running
>     make
>      > and make install again, I don’t see any changes.
> 
>     Pretty sure you need to do:
> 
>     make clean
> 
>     first, then the rest of the install process.
> 
>     That process is shown here:
> 
>     https://github.com/hexacluster/credcheck?tab=readme-ov-file#installation <https://github.com/hexacluster/credcheck?tab=readme-ov-file#installation>
> 
> 
>      >
>      >
>      > Adrian Klaver <adrian.klaver@aklaver.com
>     <mailto:adrian.klaver@aklaver.com>
>      > <mailto:adrian.klaver@aklaver.com
>     <mailto:adrian.klaver@aklaver.com>>>於 2024年11月18日 週一，下午
>     11:15寫道：
>      >
>      >     On 11/18/24 01:03, 張宸瑋 wrote:
>      >      > Hello!
>      >      >    I would like to inquire about the installation of the
>     credcheck
>      >      > third-party package to support password complexity and
>     expiration
>      >     date,
>      >      > etc., when setting up open-source PostgreSQL. I am using the
>      >      > credcheck--2.8.0.sql version from GitHub. After completing the
>      >     setup, I
>      >      > encountered the following issue: when an account exceeds the
>      >     configured
>      >      > number of incorrect login attempts, it gets locked. The
>     command
>      >     SELECT *
>      >      > FROM pg_banned_role; should display the columns roleid,
>      >     failure_count,
>      >      > and banned_date, and the view is working properly and
>     shows the
>      >      > information. However, according to the example, the roleid
>     does not
>      >      > correctly display the corresponding oid for the account
>     with failed
>      >      > login attempts. I would like to ask if there is a solution
>     for this
>      >      > issue. Thank you!
>      >
>      >     Have you looked a?:
>      >
>      > https://github.com/HexaCluster/credcheck/issues/39
>     <https://github.com/HexaCluster/credcheck/issues/39>
>      >     <https://github.com/HexaCluster/credcheck/issues/39
>     <https://github.com/HexaCluster/credcheck/issues/39>>
>      >
>      >     --
>      >     Adrian Klaver
>      > adrian.klaver@aklaver.com <mailto:adrian.klaver@aklaver.com>
>     <mailto:adrian.klaver@aklaver.com <mailto:adrian.klaver@aklaver.com>>
>      >
> 
>     -- 
>     Adrian Klaver
>     adrian.klaver@aklaver.com <mailto:adrian.klaver@aklaver.com>
> 

-- 
Adrian Klaver
adrian.klaver@aklaver.com