Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tLPly-00Ee0K-Hq for pgsql-general@arkaria.postgresql.org; Wed, 11 Dec 2024 16:41:14 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tLPlw-0004xC-0h for pgsql-general@arkaria.postgresql.org; Wed, 11 Dec 2024 16:41:13 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tLPlv-0004x4-5l for pgsql-general@lists.postgresql.org; Wed, 11 Dec 2024 16:41:12 +0000 Received: from fhigh-b5-smtp.messagingengine.com ([202.12.124.156]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tLPlq-002IhC-2B for pgsql-general@lists.postgresql.org; Wed, 11 Dec 2024 16:41:11 +0000 Received: from phl-compute-11.internal (phl-compute-11.phl.internal [10.202.2.51]) by mailfhigh.stl.internal (Postfix) with ESMTP id 3FC6D254022E; Wed, 11 Dec 2024 11:41:04 -0500 (EST) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-11.internal (MEProxy); Wed, 11 Dec 2024 11:41:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h= cc:content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1733935264; x=1734021664; bh=DsQoHfB7JnaV44sD3K8KW6tg70ioBmc/Ql+x3bQIGsM=; b= isNhyIZe225I7/rskltsZh6gSmxva+6XetRqz801dPLq37XJf0WyGJrM4DXux6RX 7v7CeHD9dg2uTtg35Tllt0UbwPG7TPzcfM+4kMDE34hMtFNO9RCMhXeRAC1U79NX hP1j+Cv5bUTNcbJpibcieyFKaRgTOHZtA6r1IrkLZJln+oZugVk2z38JUUHIUC7O 3g2o4bAf1QTGY2/Xy7DoiQ6sKDh9iEy72Hbck5d7J5zcW3T+1sr+Lx0dghPWwZJo fWBrnuaMb0LPkUHH9bXxhU1A55PWXJfMRXnfxtrhvdlcoMh9lbzzyeDlRWCwOrpk mXeIaR77B6Qb0jvAz0sbpA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1733935264; x=1734021664; bh=D sQoHfB7JnaV44sD3K8KW6tg70ioBmc/Ql+x3bQIGsM=; b=Eu0QTyMEFU/jpQtI9 XVH4UoyyJUpOBmvqz1IECMkd1jmN9IceWJZabEWdT8L5n48J/LHYMb12E3e3Jdww tAHxafbtA91mDHn1oX8OMk8dZjyEOm0WeJpkSskHGAuyChJwg3bczOPlqhzzeiZZ vekzZY/oakAKV+Huqg4MEcMvhoFOvxQjiYzrUJ6lI7W7AK5IbM1YIqaXEQjRYDWY Vx6QAhY6EeiJQo7R/6mnYQ/tYDeZ4vOgScS98ztNu+GmYyBSoHsdSO3d8t5meNYK 6AINOaUtxyFTCWnTYUvxrAr/0WFFKLSKIjv+KBDnxnkP3GdsljW+Fj2VFVVzniKE 9OetA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrkedtgdeltdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdpuffr tefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfuf fvfhfhjggtgfesthekredttddvjeenucfhrhhomheptegurhhirghnucfmlhgrvhgvrhcu oegrughrihgrnhdrkhhlrghvvghrsegrkhhlrghvvghrrdgtohhmqeenucggtffrrghtth gvrhhnpedviedtuefgleetffetteetteduieehiefgjeffjeefhfegfeejieevuddtjedt ueenucffohhmrghinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomheprggurhhirghnrdhklhgrvhgvrhesrghklhgr vhgvrhdrtghomhdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpdhrtg hpthhtohepkhgvnhhnhidtvddtfedtjeesghhmrghilhdrtghomhdprhgtphhtthhopehp ghhsqhhlqdhgvghnvghrrghlsehlihhsthhsrdhpohhsthhgrhgvshhqlhdrohhrgh X-ME-Proxy: Feedback-ID: i76984098:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 11 Dec 2024 11:41:03 -0500 (EST) Message-ID: <848c68f2-50b7-44fc-8969-ea28a537f3f2@aklaver.com> Date: Wed, 11 Dec 2024 08:41:02 -0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Credcheck- credcheck.max_auth_failure To: =?UTF-8?B?5by15a6455GL?= , pgsql-general@lists.postgresql.org References: Content-Language: en-US From: Adrian Klaver In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 12/11/24 02:46, 張宸瑋 wrote: > In the use of the Credcheck suite, the parameter > "credcheck.max_auth_failure = '3'" is set in the postgresql.conf file to > limit users from entering incorrect passwords more than three times, > after which their account will be locked. Due to certain requirements, I > would like to ask if there is a way or feature to set this parameter > differently for a specific user or role, so that it does not apply to > them. I considered using "credcheck.whitelist" to exclude certain > accounts, but this would cause all other parameters to apply as well, > and the account would still require the other password complexity > settings. I only wish to exclude the "credcheck.max_auth_failure" > parameter. Thank you in advance for your response, and I would > appreciate any assistance you can provide! The issue you filed here: https://github.com/HexaCluster/credcheck/issues/43 is the way to go to get the necessary assistance. -- Adrian Klaver adrian.klaver@aklaver.com