Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tDayB-001r58-GB for pgsql-general@arkaria.postgresql.org; Wed, 20 Nov 2024 03:01:31 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tDay8-001JZH-4i for pgsql-general@arkaria.postgresql.org; Wed, 20 Nov 2024 03:01:28 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tDay7-001JYp-Im for pgsql-general@lists.postgresql.org; Wed, 20 Nov 2024 03:01:27 +0000 Received: from mail-io1-xd29.google.com ([2607:f8b0:4864:20::d29]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tDay4-002o58-Kd for pgsql-general@lists.postgresql.org; Wed, 20 Nov 2024 03:01:26 +0000 Received: by mail-io1-xd29.google.com with SMTP id ca18e2360f4ac-83aac40e908so18830439f.1 for ; Tue, 19 Nov 2024 19:01:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732071684; x=1732676484; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XNEDepPoAw6MQe4nCYIF447rhAFVMwZbxion8pTY8cs=; b=j3xcm0pYbBUVauMr6pZy++emQdZmVTwnq1wlbRppmIeo+1KvPLbCpyzjEVIMXlOOwV AIG9Gnc1TCKDRa4/9v3y/2ZOdo7kOyZf7UMJZnFhYHnkwUejMzYwBPdiHbqpfxQqbZlY DDCFcgJCL4ENoT71SYf72RQ8EWJqDDmczBaPibEQ1AoVo9VEHXwD4IJMudtN+O00+uQl WGlnnYvxDjJ3Cc6yVDrfPPIuO51KQwOJJyDVccojByCUdFxkmYxmLj4/jm4oYIqKKrRE a99KspAc9ETNxOKkUYGlcrTVBMOE/Z9mp7/z49pNMMzFhnsPRvLTi3zXGcdicHwTqrfF sn1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732071684; x=1732676484; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XNEDepPoAw6MQe4nCYIF447rhAFVMwZbxion8pTY8cs=; b=N5YicWwcmKOOqDnElTo0nqSMouOcRFJy21ZE8Zbfb8+rvfFEiwqSN7+oPSg55Fooy6 17k576uAXdL5O2JSL+rzVLIKLF/fg4ZU+eBD2hRaZ/rHmsbgqPm3aFAj7sfWjveW1+Al 6kqEaJ+vmt8n7aT5VX9dWEohWAGVxEXe2I4q2jXwoUxnJCs4yRlb8hK7IEO0awnDrNPf 1TaV4XTEFwW9z7mPjGEBke+QgShPbqCD6EnBQLGPTNfn+dzT889pKr5VYcqywaFykCnq 4kEqXSVYIFWRdjqbYxbzfQnd1lUoNBbBq0Y3bAMyUguLSlqeEQ/se+TUeUCGJzP4HAwl ON0w== X-Gm-Message-State: AOJu0YzoIce27/i9pnEIuXt4R8FyIixdrv6p1gO/9RH/2iKJVGQ66u0k gxS/UfRjpNKQzjYbv/L0EsPzwf+r4EgeFZ6q0NOe8X4oL+CbatrtqjmwYk76gyT75Ns1rWZ1l8R yH6kB7frLQrKVszInqGmvGA3HefW9cg== X-Gm-Gg: ASbGncuKJQ8BVHaXyGlF/DdgC3iohUMYRgei4baSWBmHwaRkl7pV31aQjs1LMQ5yRLW /xbll6uitGeGdCPAItlJ/hjmouYFqREj11U9GUmWLnl1EZ84BwKaneGR8aqfNbCY= X-Google-Smtp-Source: AGHT+IHWOAs3wkBBmGZJX1C+VgLmJ1X2RiB+LqL/QpRYJ2cs8N0eFbziqJ9mt6mm1YLNNARrLcVwnVMYv5ndhPvmFLc= X-Received: by 2002:a05:6602:1684:b0:83a:abd1:6af2 with SMTP id ca18e2360f4ac-83eb60d8ceemr38312339f.3.1732071683598; Tue, 19 Nov 2024 19:01:23 -0800 (PST) MIME-Version: 1.0 References: <3b615ed5-1186-46f2-92bd-363b9b7769a6@aklaver.com> In-Reply-To: <3b615ed5-1186-46f2-92bd-363b9b7769a6@aklaver.com> From: =?UTF-8?B?5by15a6455GL?= Date: Wed, 20 Nov 2024 11:01:12 +0800 Message-ID: Subject: Re: Re : Credcheck extension To: Adrian Klaver Cc: pgsql-general@lists.postgresql.org Content-Type: multipart/alternative; boundary="0000000000006d2fd006274f5dd5" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0000000000006d2fd006274f5dd5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Thank you for your help!After applying the patch, the above issue has been resolved. I have another question: After identifying who is in the banned_role, the GitHub example uses the command SELECT pg_banned_role_reset(); to unlock everyone. I would like to know if there is a way to unlock a specific individual rather than unlocking everyone. Adrian Klaver =E6=96=BC 2024=E5=B9=B411=E6=9C=88= 20=E6=97=A5 =E9=80=B1=E4=B8=89=EF=BC=8C=E4=B8=8A=E5=8D=8812:25=E5=AF=AB=E9= =81=93=EF=BC=9A > On 11/19/24 00:40, =E5=BC=B5=E5=AE=B8=E7=91=8B wrote: > > Sorry for the inconvenience, but I used make and make install to build > > the credcheck--2.8.0.sql sources zip file. I would like to ask how I ca= n > > update and apply the changes to the system, as I modified the files in > > credcheck/test/expected/06_reuse_interval.out and > > credcheck/test/sql/06_reuse_interval.sql. However, after running make > > and make install again, I don=E2=80=99t see any changes. > > Pretty sure you need to do: > > make clean > > first, then the rest of the install process. > > That process is shown here: > > https://github.com/hexacluster/credcheck?tab=3Dreadme-ov-file#installatio= n > > > > > > > > Adrian Klaver > >=E6=96=BC 2024=E5=B9=B411=E6=9C=8818= =E6=97=A5 =E9=80=B1=E4=B8=80=EF=BC=8C=E4=B8=8B=E5=8D=8811:15=E5=AF=AB=E9=81= =93=EF=BC=9A > > > > On 11/18/24 01:03, =E5=BC=B5=E5=AE=B8=E7=91=8B wrote: > > > Hello! > > > I would like to inquire about the installation of the credche= ck > > > third-party package to support password complexity and expiratio= n > > date, > > > etc., when setting up open-source PostgreSQL. I am using the > > > credcheck--2.8.0.sql version from GitHub. After completing the > > setup, I > > > encountered the following issue: when an account exceeds the > > configured > > > number of incorrect login attempts, it gets locked. The command > > SELECT * > > > FROM pg_banned_role; should display the columns roleid, > > failure_count, > > > and banned_date, and the view is working properly and shows the > > > information. However, according to the example, the roleid does > not > > > correctly display the corresponding oid for the account with > failed > > > login attempts. I would like to ask if there is a solution for > this > > > issue. Thank you! > > > > Have you looked a?: > > > > https://github.com/HexaCluster/credcheck/issues/39 > > > > > > -- > > Adrian Klaver > > adrian.klaver@aklaver.com > > > > -- > Adrian Klaver > adrian.klaver@aklaver.com > > --0000000000006d2fd006274f5dd5 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thank you for your help!After applying the patch, the abo= ve issue has been resolved.=C2=A0

=C2=A0I have another question: After identifying who is in the ba= nned_role, the GitHub example uses the command SELECT pg_banned_role_reset(= ); to unlock everyone. I would like to know if there is a way to unlock a s= pecific individual rather than unlocking everyone.

Adrian Klaver <adrian.klaver@aklaver.com>= ;=E6=96=BC 2024=E5=B9=B411=E6=9C=8820=E6=97=A5 =E9=80=B1=E4=B8=89=EF=BC=8C= =E4=B8=8A=E5=8D=8812:25=E5=AF=AB=E9=81=93=EF=BC=9A
On 11/19/24 00:40, =E5=BC=B5=E5=AE=B8=E7=91=8B wrote:
> Sorry for the inconvenience, but I used make and make install to build=
> the credcheck--2.8.0.sql sources zip file. I would like to ask how I c= an
> update and apply the changes to the system, as I modified the files in=
> credcheck/test/expected/06_reuse_interval.out and
> credcheck/test/sql/06_reuse_interval.sql. However, after running make =
> and make install again, I don=E2=80=99t see any changes.

Pretty sure you need to do:

make clean

first, then the rest of the install process.

That process is shown here:

https://github.com/hexaclu= ster/credcheck?tab=3Dreadme-ov-file#installation


>
>
> Adrian Klaver <adrian.klaver@aklaver.com
> <mailto:adrian.klaver@aklaver.com>>=E6=96=BC 2024=E5=B9=B411=E6=9C=88= 18=E6=97=A5 =E9=80=B1=E4=B8=80=EF=BC=8C=E4=B8=8B=E5=8D=8811:15=E5=AF=AB=E9= =81=93=EF=BC=9A
>
>=C2=A0 =C2=A0 =C2=A0On 11/18/24 01:03, =E5=BC=B5=E5=AE=B8=E7=91=8B wrot= e:
>=C2=A0 =C2=A0 =C2=A0 > Hello!
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 I would like to inquire about th= e installation of the credcheck
>=C2=A0 =C2=A0 =C2=A0 > third-party package to support password compl= exity and expiration
>=C2=A0 =C2=A0 =C2=A0date,
>=C2=A0 =C2=A0 =C2=A0 > etc., when setting up open-source PostgreSQL.= I am using the
>=C2=A0 =C2=A0 =C2=A0 > credcheck--2.8.0.sql version from GitHub. Aft= er completing the
>=C2=A0 =C2=A0 =C2=A0setup, I
>=C2=A0 =C2=A0 =C2=A0 > encountered the following issue: when an acco= unt exceeds the
>=C2=A0 =C2=A0 =C2=A0configured
>=C2=A0 =C2=A0 =C2=A0 > number of incorrect login attempts, it gets l= ocked. The command
>=C2=A0 =C2=A0 =C2=A0SELECT *
>=C2=A0 =C2=A0 =C2=A0 > FROM pg_banned_role; should display the colum= ns roleid,
>=C2=A0 =C2=A0 =C2=A0failure_count,
>=C2=A0 =C2=A0 =C2=A0 > and banned_date, and the view is working prop= erly and shows the
>=C2=A0 =C2=A0 =C2=A0 > information. However, according to the exampl= e, the roleid does not
>=C2=A0 =C2=A0 =C2=A0 > correctly display the corresponding oid for t= he account with failed
>=C2=A0 =C2=A0 =C2=A0 > login attempts. I would like to ask if there = is a solution for this
>=C2=A0 =C2=A0 =C2=A0 > issue. Thank you!
>
>=C2=A0 =C2=A0 =C2=A0Have you looked a?:
>
>=C2=A0 =C2=A0 =C2=A0https://github.com/HexaClu= ster/credcheck/issues/39
>=C2=A0 =C2=A0 =C2=A0<https://github.com/Hex= aCluster/credcheck/issues/39>
>
>=C2=A0 =C2=A0 =C2=A0--
>=C2=A0 =C2=A0 =C2=A0Adrian Klaver
>=C2=A0 =C2=A0 =C2=A0adrian.klaver@aklaver.com <mailto:adrian.klaver@aklaver.com><= br> >

--
Adrian Klaver
adrian.klave= r@aklaver.com

--0000000000006d2fd006274f5dd5--