I create users or roles with login, but when the user login for the first time in the database, (pgadmin) doesnt ask to change the password.
I need use password expired in the first login, is it posible?
PostgreSQL has no provision for forcing a password change, neither by timeout nor by any other means.
The best you can do is to set a VALID UNTIL on the user and write them an e-mail that they should change the password before the user expires. As soon as they report back, you can remove the VALID UNTIL.
You can set the password to expire as soon as the role is created.
create role testrole2 password 'test' valid until '2019-11-11 15:23:00.533249+00';
https://www.postgresql.org/docs/current/sql-createrole.html
Related
Is there any way to create user in google admin console without password?
Users can create a new password with First Time Login
I am using google admin sdk API with service account Bearer token to create user.
Url: https://admin.googleapis.com/admin/directory/v1/users
Payload: {
"primaryEmail":"sampleuser#orgdomain.com",
"name":{
"givenName":"Test",
"familyName":"User"
},
"suspended":false,
"password":"Password1234",
"changePasswordAtNextLogin":true,
"ipWhitelisted":false,
"emails":[
{
"address":"sampleuser#orgdomain.com",
"type":"home",
"customType":"",
"primary":true
}
]
}
The API is failing without the password field. Is there any way to enable or disable any configuration in admin console to achieve same.? Related Answers will be helpful. Thanks
You can't create a user without a password within the API.
The method users.insert requires an instance of the Resource: users on the request body and the Resource: Users states that the password is required when creating a new user:
password:
Stores the password for the user account. The user's password value is required when creating a user account. It's optional when updating a user and should only be provided if the user is updating their account password. The password value is never returned in the API's response body.
A password can contain any combination of ASCII characters, and must be between 8-100 characters.
We recommend sending the password parameter as a hexadecimal-encoded hash value and setting hashFunction accordingly. If hashFunction is specified, the password must be a valid hash key.
I would like to use a service with our Database, but it doesn't support Amazon RDS IAM Database authentication. My plan is to have a mock-database that only has tables it needs from the original postgres DB, and to have a script that refreshes the service's user's password on the real DB every time it expires (15 minutes).
What happens when I call ALTER USER MAPPING on the Foreign User? Does it reconnect to the server with a new username and password?
Yes, when you change the userid or password using ALTER USER MAPPING, it will reconnect the user. It may wait until the user actually requests something to authenticate, but the user will not know the difference.
I've seen various posts that help you reset the password when it expires (using various means ACC, DB update etc). But, is there a way you can make the admin password never expire? We have lot of automation built around this admin interface and it is turning out to be a hassle every time this password had to be changed. It would be nice if we can make the password never expire.
Set the enabled property on /atg/dynamo/security/passwordchecker/ExpiredPasswordAdminService/ to false.
Below is a sample ExpiredPasswordAdminService.properties file. You will need to create this in the appropriate configuration layer:
$class=atg.security.ExpiredPasswordAdminService
# Enable/Disable the password expiration service
enabled=false
Is it save to create backend user with an empty password?
For example the _cli_lowlevel backend user or a backend user editor-test, which I only use for testing purposes via the "Switch to user" feature.
usually a cli_* user should have no rights to access anything in the BE (non admin user, with no mount-points). it is used to execute TYPO3 by command line. if anyone can get access to a shell he can execute commands more dangerous than a simple BE-access. e.g. he can open access to the install-tool and create an admin-user. or use mysql-cli to set passwords to any given user.
normally you can not create BE-users without password as the form for BE-users requires a not empty password field. as you probably use salted and hashed passwords even a simple password can not be decrypted (so a brute force attack may find the password quickly). so the best way would be a long random password which you might forget the next moment.
I'm doing a Scala - Play application and I want to disconnect an user when an admin change his right. For exemple, is an user is logged and an admin upgrade his account to the admin type, I want disconnect this user.How can I do that ?
If you stored the userId in the Session you will need to add the rights of the user in the Session.
So that when the user connects, you can check his rights from the session to the ones in your database. If they don't match you can redirect the user to the login page.
just to cover all the bases since the answer here depends specifically on how your application determines if a user is logged in:
if user auth is done with a token generated by a secret that is stored on your user model and checked for validity on every request, you can generate a new secret for the user and all existing tokens will become invalid.