南大通用GBase 8a数据库登录最大登录错误次数 login_attempt_max。账号锁定lock和手工unlokc解锁

GBase 8a数据库集群,通过login_attempt_max参数控制尝试登陆的密码错误次数,超过了会将账号锁定。默认为0不限制次数。

参数

login_attempt_max

注意:该参数,对gbase用户不生效,因为该用户,是数据库内部通信用的。其它用户,包括root,都生效。

默认值

0 不限制
其它整数 达到这个次数后,账号被lock

修改方式

通过修改gcluster的配置文件。不允许set。

样例

如下将次数改成3次,然后重启gclusterd服务。测试密码错误

[gbase@localhost ~]$ gccli -uabc -pabc
ERROR 1045 (28000): Access denied for user 'abc'@'127.0.0.1' (using password: YES)
[gbase@localhost ~]$ gccli -uabc -pabc
ERROR 1045 (28000): Access denied for user 'abc'@'127.0.0.1' (using password: YES)
[gbase@localhost ~]$ gccli -uabc -pabc
ERROR 1829 (HY000): Access denied for user 'abc'@'%'. Account is locked.
[gbase@localhost ~]$ gccli -uabc -pabc
ERROR 1829 (HY000): Access denied for user 'abc'@'%'. Account is locked.
[gbase@localhost ~]$ gccli -uabc -pabc
ERROR 1829 (HY000): Access denied for user 'abc'@'%'. Account is locked.
[gbase@localhost ~]$ gccli -uabc -pabcd
ERROR 1829 (HY000): Access denied for user 'abc'@'%'. Account is locked.

手工解锁

需要使用管理员用户gbase,注意root也会被锁定,只有gbase不会。

gbase> alter user abc account unlock;
Query OK, 0 rows affected (Elapsed: 00:00:00.01)

gbase> ^CAborted
[gbase@localhost ~]$ gccli -uabc -pabcd

特殊账号测试

gbase用户不生效

超过了设置的5次,依然可以登录。

[gbase@rh6-1 ~]$ gccli -ugbase -p123
ERROR 1045 (28000): Access denied for user 'gbase'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -ugbase -p123
ERROR 1045 (28000): Access denied for user 'gbase'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -ugbase -p123
ERROR 1045 (28000): Access denied for user 'gbase'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -ugbase -p123
ERROR 1045 (28000): Access denied for user 'gbase'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -ugbase -p123
ERROR 1045 (28000): Access denied for user 'gbase'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -ugbase -p123
ERROR 1045 (28000): Access denied for user 'gbase'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -ugbase -p123
ERROR 1045 (28000): Access denied for user 'gbase'@'localhost' (using password: YES)

root生效

第5次,账号被锁了。

[gbase@rh6-1 ~]$ gccli -uroot -p123
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -uroot -p123
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -uroot -p123
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -uroot -p123
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@rh6-1 ~]$ gccli -uroot -p123
ERROR 1829 (HY000): Access denied for user 'root'@'%'. Account is locked.
[gbase@rh6-1 ~]$ gccli -uroot -p123
ERROR 1829 (HY000): Access denied for user 'root'@'%'. Account is locked.
[gbase@rh6-1 ~]$ gccli -uroot -p123
ERROR 1829 (HY000): Access denied for user 'root'@'%'. Account is locked.

参考

GBase 8a集群创建用户create user完整语法