Why does a user receive a "permission denied" error when trying to update their user password in PostgreSQL? - postgresql-12

I have several users of our PostgreSQL (12) database who are not superusers. From the docs, it would appear that any "ordinary" user should be able to set their password to something new, via:
ALTER ROLE [user] WITH ENCRYPTED PASSWORD '[new password]' VALID UNTIL '2021-11-30'
However, when a non-superuser tries this, they receive a "permission denied" error.
For context, we would like to have database users update their passwords once every 3 months, for security purposes.

A regular user cannot set the VALID UNTIL option.
And if you think about it, it wouldn't make sense, as the user could then choose a much longer period.
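To make the boundary concrete, here is an added example (not from the question or the answer above) of the same ALTER ROLE run with and without VALID UNTIL, plus the administrator-side statement that actually implements a three-month expiry. The role name 'appuser', the passwords and the dates are placeholders; the behaviour described in the comments is that of PostgreSQL 12.

```sql
-- Added example. Run statements 1-3 as an ordinary role (no SUPERUSER, no
-- CREATEROLE) to see where PostgreSQL 12 draws the line.

-- 1. Allowed: an ordinary role may change its own password. ENCRYPTED is a
--    no-op keyword since PostgreSQL 10; the password is always stored hashed
--    with the method in password_encryption (md5 or scram-sha-256).
ALTER ROLE CURRENT_USER PASSWORD 'correct-horse-battery';

-- 2. Refused with "ERROR:  permission denied": VALID UNTIL, like every clause
--    other than PASSWORD and like altering any role other than your own,
--    requires CREATEROLE or superuser.
ALTER ROLE CURRENT_USER PASSWORD 'correct-horse-battery' VALID UNTIL '2021-11-30';

-- 3. The role can still read its own expiry to know when rotation is due
--    (rolpassword in pg_roles is masked, rolvaliduntil is not).
SELECT rolname, rolvaliduntil FROM pg_roles WHERE rolname = CURRENT_USER;

-- 4. Administrator side (superuser or CREATEROLE): set the expiry the
--    three-month policy needs. VALID UNTIL takes a string literal only.
--    After this timestamp password authentication for the role is rejected
--    until an administrator extends it; it does not force a password change,
--    it only stops the old password from working, and it is not enforced for
--    non-password authentication methods (peer, cert, gss, ...).
ALTER ROLE appuser VALID UNTIL '2022-02-28';

-- Caveat: statements 1 and 2 send the new password to the server in clear,
-- so it can end up in the server log (log_statement = 'all'). In psql the
-- \password meta-command hashes on the client and sends only the hash:
--   \password
```

So the rotation scheme the question describes is split in two: the user rotates with ALTER ROLE ... PASSWORD (or \password), and an administrator, or a scheduled job running as a CREATEROLE role, owns the VALID UNTIL date.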

Related

Azure AD B2C 2 types of expiration date for password depending on the password itself, how to?

I have the following scenario:
If a user has a temporary password that has been set in the last 24 hours, the user is forced to change the password. If the password was set more than 24 hours ago, then the user is not able to log in.
If a user has a password that has been set in the last 180 days, the user is able to log in. If the password was set more than 180 days ago, the user is forced to reset the password.
The two types of password look different, so I can compare the password with a regular expression to check whether it is a temporary password or not.
The problem is that, knowing whether the password is temporary or not, I have to apply the 24-hour or 180-day expiration time of the policy. So how do I know when the password was last updated?
Initially, I thought of using a custom attribute to store this value, but I thought this should be recorded somewhere by default. It makes sense to me that Microsoft would want to audit this on their side for compliance and security purposes. It also makes sense to me that this could probably be on Graph, but so far I haven't found that this filter exists.
The question is, does this filter exist, or do I need to go the custom attribute route?
I tried to reproduce the same in my environment and got the results below:
To find out when the password of an Azure AD B2C user was last updated, try the query below:
GET https://graph.microsoft.com/v1.0/users?$select=displayName,lastPasswordChangeDateTime
Make sure to consent to the User.Read.All permission to fetch lastPasswordChangeDateTime.

Which reason can cause auth to be rejected with the reply message "1 - Invalid account"?

I'm an employee of an internet service provider.
So I am trying to solve one customer's problem: he can't pass RADIUS authentication with the correct username and password. According to the client, he has not changed his device properties since everything was working.
You need to talk with your backend developer. It's a backend-side error message.
In the code, there are lines that throw that error. According to the error message, it's possible the account is deleted, and that's why the error message is "1 - Invalid account"; when the email/username exists in the DB, the backend must throw an error like "your username or password is incorrect".
But it depends on how your program handles that case.
So you can ask your programmer to change that client's password and give a new password to the client.
Or, if your program supports reset-password functionality, that client can reset the password (if the account is not deleted).
If the account is deleted, you need to go to your backups and restore that account's data, if you have backups of your DB.
Or, if you have an admin account with admin privileges, you can view your client's data there, and if the client exists you only need to reset the account password.
So it depends on what functionalities your program has. In the worst case, ask your programmers; they can set a new password for the client (if the account is not deleted).

Prestashop, Admin user access issue

I have a problem with my admin user's access to the back office of the PrestaShop store.
The sequence I use is to enter the user and password, and it does not enter the admin side.
The weird thing is that when I enter the right user and password it does not return any message. I have entered a wrong password on purpose and it returns an error message (which is what I expect).
I have changed the password using the "forgot password" method and I have also done the process of updating it manually through this process:
https://www.prestashop.com/forums/topic/4843-lost-password-the-solution-is-in-the-forum-but-in-french/
and it has not worked either.
I have checked the whole environment and was not able to find anything strange. I have looked for other similar situations and was not able to find other reasons.
What could be happening?
What else should I check?
Best regards
Check your ps_employee table.
Manually reset the password for your admin user.
Edit the record,
set the password type to 'MD5', enter the new password in the value input and, right after your new password, put your _COOKIE_KEY_, which you can get from config/settings.inc.php.
Then check.
Your issue will be solved.
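The same reset as one MySQL statement, added here as an example and not part of the answer above. It assumes the default table prefix ps_ (the real prefix is _DB_PREFIX_ in the same config file), a placeholder admin e-mail and a placeholder password. The concatenation order matters: the legacy hash PrestaShop compares against is md5(_COOKIE_KEY_ . $passwd), computed by Tools::encrypt() in 1.5/1.6 and by the legacy fallback of the Hashing class in 1.7, so the cookie key is the prefix, not the suffix.

```sql
-- Added example (not the answer's own steps). Replace 'YOUR_COOKIE_KEY' with the
-- value of _COOKIE_KEY_ from config/settings.inc.php (PrestaShop 1.6) or
-- app/config/parameters.php (1.7), and the e-mail with the locked-out admin's.
-- MD5(CONCAT(key, password)) is the legacy PrestaShop employee hash; the key is
-- the prefix, so do not swap the two CONCAT() arguments.
UPDATE ps_employee
SET passwd = MD5(CONCAT('YOUR_COOKIE_KEY', 'NewStrongPassword!2021'))
WHERE email = 'admin@example.com';

-- Sanity check: exactly one row, a 32-character hex hash, and active = 1.
SELECT id_employee, email, active, passwd
FROM ps_employee
WHERE email = 'admin@example.com';
```

PrestaShop 1.7 stores bcrypt hashes (password_hash) for new passwords but still verifies a legacy MD5 hash, so this works as a recovery step there too; once logged in, change the password from the back office so the stored hash is one the application generated. If a wrong password still produces an error while the correct one silently reloads the login form after this update, the stored hash is no longer the suspect.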

Realm - Reset Password

The steps mentioned at Reset User Password seem a bit confusing to me.
For example, a user normally resets his password because he cannot remember the existing one.
Now, the above link mentions that
The refresh token can be retrieved by calling user.token after logging in via Realm.Sync.User
But as the user does not know his current password, how can the app get the refresh token?
I seem to be missing something here, not sure what.
It would be nice if someone could explain the complete steps for a password reset by the user.
"Password reset" is a bit of a misnomer. The functionality in question is intended for a logged-in user to change their own password (for example, from a "Settings" or "Profile" screen), or for a user with administrative privileges to change an arbitrary user's password.
There is another common use case in which a user who is logged out and does not remember their password wishes to reset it. In many cases this process involves sending them an email with a link which, upon being visited, will allow them to specify a new password. The Realm Object Server doesn't support this sort of password reset out of the box; you may want to file an issue at its issue tracker to request it (since it seems quite important).

Modx Revolution - New user cannot login

I'm trying to create a new user in MODX Revolution 2.3.0, but for some reason the user cannot access the manager area. I tried to clear every bit of cache, as well as making sure the password was created by the system (the email has been sent) and that the user belongs to the Users group.
Strangely, when looking at the user's settings, it says that the user has made some 10 logins, but in reality he has not.
When I type a wrong password, I get the wrong-password error message; when I type the correct password, the input field gets cleared and nothing else happens.
Any idea how to solve this?
Thanks.
It seems that the user doesn't have access to the mgr context. Any user needs the «frames» permission to get access to the manager.
Try to update the user's data and make him a sudoer. It'll help to understand whether wrong permissions cause the problem.
Exactly. As #proxyfabio said, he needs access to the manager. To at least assess whether the user login works, give him temporary SUDO rights. If that works, work your way up from the ground.
Make sure an Access Policy Template and Access Policy are created. Make sure the policy contains "frames" and that it is checked on the Policy Template edit screen. Next, PLEASE, make a separate Role, like "Customer". Go into the Administrator group (or again, PLEASE, create a Customer group) and head over to the Users tab. Add the User to the group with the Role Customer - "your level" (I usually use increments of 500 or 1000).
Under Context Access, add the user to the mgr context with the specified role and your Customer policy. Do the same for web if you wish to avoid any in-depth issues.
Finally, save your settings, flush your permissions, clear your cache and optionally flush your sessions table (you can also delete cookies for the browser you're using). When you've done all that, open an Incognito tab in Chrome or Firefox to avoid issues and try the login again.
I have somewhat the same issue: if I try to log in as a duplicated manager user from an Android phone, the login count goes up, a wrong password gives an error and the correct password just refreshes the login page.
However, logging in from a computer works. Initially it didn't...
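A read-only way to verify the chain the answer above builds (user → user group → role/authority → context access on mgr → policy containing "frames"), added here as an example and not from the answers. It assumes the default table prefix modx_ and a user named 'newuser'; the table and column names follow the MODX 2.x schema (core/model/modx/mysql/*.map.inc.php), so check them against your version before relying on the result.

```sql
-- Added example, not from the MODX answers above. Read-only diagnostics.

-- 1. Is the account itself usable? sudo = 1 bypasses every ACL (which is why
--    the answer suggests it as a test); blocked / failedlogincount explain a
--    correct password that silently bounces, and logincount is the counter
--    the question saw climbing.
SELECT u.id, u.username, u.active, u.sudo, u.primary_group,
       a.blocked, a.blockeduntil, a.failedlogincount, a.logincount
FROM modx_users u
JOIN modx_user_attributes a ON a.internalKey = u.id
WHERE u.username = 'newuser';

-- 2. Which groups the user is in, with which role, and whether any of those
--    groups has a context ACL on 'mgr' whose policy grants "frames".
--    Access is granted when the user's role authority is <= the ACL authority
--    (lower number = more authority; Super User is 0). Policy permissions are
--    stored as JSON in access_policies.data, e.g. {"frames":true,...}, so the
--    LIKE below is an approximation of a real JSON check.
SELECT g.name            AS user_group,
       r.name            AS role,
       r.authority       AS user_authority,
       ac.authority      AS acl_min_authority,
       (r.authority <= ac.authority) AS authority_ok,
       p.name            AS policy,
       (p.data LIKE '%"frames":true%') AS policy_grants_frames
FROM modx_users u
JOIN modx_member_groups      mg ON mg.member = u.id
JOIN modx_membergroup_names  g  ON g.id = mg.user_group
LEFT JOIN modx_membergroup_roles r ON r.id = mg.role
LEFT JOIN modx_access_context ac
       ON ac.principal_class = 'modUserGroup'
      AND ac.principal = g.id
      AND ac.target = 'mgr'
LEFT JOIN modx_access_policies p ON p.id = ac.policy
WHERE u.username = 'newuser';
```

A row with authority_ok = 1 and policy_grants_frames = 1 is what the UI steps are meant to produce; if the tables already show it, the problem is the cached permissions or session the answer tells you to flush, not the stored ACLs.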
Here are my steps:
Duplicate manager user
Set new password
Login fails
Click forget login for e-mail
Login successfully (computer) with the new generated password
Change original password to original password!? :D
Login works everywhere except my phone
