Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.
Original topic: 配置密码连续错误限制登录策略时,PASSWORD_LOCK_TIME参数如何设置为分钟为单位,锁定账户5分钟
[Test Environment for TiDB] Testing/
[TiDB Version] v6.5.0
[Reproduction Path] What operations were performed when the issue occurred
[Encountered Issue: Issue Phenomenon and Impact]
[Resource Configuration] Go to TiDB Dashboard - Cluster Info - Hosts and take a screenshot of this page
[Attachments: Screenshots/Logs/Monitoring]
It probably can’t be done, let’s wait for an expert to take a look.
Here’s a simple method for you: write a script that runs every 5 minutes or so to execute the query SELECT * FROM mysql.user a WHERE json_extract(a.User_attributes, '$.Password_locking.auto_account_locked')='Y' to check for locked accounts. If any accounts are found to be locked, unlock them. You can also use the json_extract(User_attributes, '$.Password_locking.auto_locked_last_changed') field to determine when the account was locked.
The official documentation states that the lock duration is measured in days. It probably doesn’t support minute-level granularity, but I haven’t tried it.
Thank you for your reply.
Thank you for the response.
set global tidb_password_lock_time = 300;
There is no tidb_password_lock_time parameter…
PASSWORD_LOCK_TIME: N | UNBOUNDED. N indicates that the account will be temporarily locked for N days after a login failure. UNBOUNDED means the lock time is indefinite, and the account must be manually unlocked. The value range for N is from 0 to 32767.
Thank you for the response. I would like to know if TiDB does not support minute-level account locking?
|
username: TiDBer_tYhUX7ue
|
username: 
|
username: 
|
username: 
|
username: 
|
username: