Let's say in PostgreSQL, there are open sessions for a particular user, what happens to them, when a password is changed?
I think something of the following:
It is not allowed to issue password change command
All sessions are
terminated after completing the last query
Open sessions will
continue to work until closed explicitly or by timeout.
Nothing happens to open sessions, they continue to work normally. There's no way to tell what authentication method was used to establish a session or what password was used.
If you want to boot off users who may have used an old password you'll need to pg_terminate_backend all backends for that user.
Related
The case is the following, there is a user who is not doing anything on the server, I as an administrator, to avoid losing memory in vain, I want to forcefully close the session, is there any way to achieve this?
I'd like to setup different log files for each postgres user, so that we can easily separate the errors.
Is there a way to do this?
It appears that postgresql.conf has a log_line_prefix configuration that allows for user name and even the session id. I don't think it can be configured to log separately but if the errors are logged with user id then you should be able to filter them easy enough
We're about to de-federate our Office365 domain from using adfs2.0 to using passwords sync'd with Azure AD Sync.
We understand the process to need us to run Convert-MsolDomainToStandard, and then force a re-sync of our password with Azure AD Sync. All good so far.
First question. What powershell can we run to confirm that all our passwords are re-syncing OK on the Azure/365 side? For example, can we get the last password sync time for each user? (not last password change time - that's different!) We really need confidence to pull the trigger on this with 18,000 users.
Second question. After we run this, what powershell can we run to ensure all users have been de-federated properly? A belts and braces check that they've all been correctly updated. I've seen that a lot of people de-federating have had to use Convert-MsolFederatedUser for some users after Convert-MsolDomainToStandard crashed out. What attributes would mark an Azure user as using federated logon rather than managed?
You can review the Application Event log to check if the password sync for every federated user is successful, as well as the sync time.
The Event ID 650 indicates that the password sync process started, and the Event ID 657 will show you users whose password sync is successful or not.
For the second question, I haven't found such powershell comlet to query if the users have been de-federated or not. However, when using the following cmdlet, you will get the users listed in the password.txt, which contains each federated users' temporary password. If you run the following cmdlet again, the users who have already been converted to de-federated will not be issued a new password, the temporary password column will be changed to N/A after the full password sync is completed. So, you can confirm if a user is de-federated or not based on this by examining the password files.
Convert-MsolDomainToStandard -DomainName federated Domain name -SkipUserConversion $false -PasswordFile c:\password.txt
Finally, more references around this can be found here:[1] and [2].
I'm curious to know if a user can reset their own password via AD after it has expired using a powershell script. I'm assuming it's not possible but would love it if someone could prove me wrong:
We have 10 domains, and I have an account in each domain each using the same password, I would like to know if it's possible if I could (using powershell) write a script to connect to each domain and set the password (even after the password has expired).
All help would be appreciated.
It shouldn't be possible as far as I know, as it would open a security risk to allow users to reset their own expired passwords.
However, if you are a sys-admin you will have different privileges.
So if you want to change your passwords on all 10 domains, write a script to change them before your password expires (and a script to alert you when you password is about to expire on the different domains).
User Administrator takes his password from "JIRA Internal Directory" (which means from database, as I understand). I know this password, but in some reasons I want to reset it. But in Administrator's profile there is no link "Set password".
All I found on the Internet - how to send password by e-mail (not to change it!) and view/change it's hash right in database by SQL query.
Is there any method that I overlooked?
Yes, go to Admin, System, General Config and change External User Management to off. Then put the internal directory at the top in the list of User Directories. Go to the admin's profile and click on Change Password. Then undo the previous steps