DEV Community

Michael
Michael

Posted on • Originally published at gbase.cn

Configuring Password Complexity in GBase 8a: Parameters and Scope

#gbase #database #数据库 #security

Password complexity policies in GBase 8a MPP Cluster are controlled by a set of cluster‑wide parameters. Once applied, they affect every user immediately — there is no per‑user override.

1. Where to Set Them

These are read‑only parameters that must be added to the configuration files at both layers and applied with a cluster restart:

  • GCluster layer: $GCLUSTER_BASE/config/gbase_8a_gcluster.cnf
  • GNode layer: $GBASE_BASE/config/gbase_8a_gbase.cnf

Add the identical block to both files:

password_min_length=8
password_format_option=3
password_not_same_reverse_username=1
password_max_contain_continuous_char=4
password_reuse_max=3
password_life_time=30
login_attempt_max=6
Enter fullscreen mode Exit fullscreen mode

Then restart: gcluster_services all restart

2. What Each Parameter Does

Parameter Policy Value Description
password_min_length Minimum 8 characters 8 Shortest allowed password
password_format_option At least 3 character types (digit, lower, upper, special) 3 3 = must contain 3 of the 4 types
password_not_same_reverse_username Cannot match or reverse the username 1 1 or ON enables this check
password_max_contain_continuous_char Maximum 4 consecutive characters of the same type 4 Prevents runs like "1111" or "aaaa"
password_reuse_max Cannot reuse last 3 passwords 3 Depth of password history
password_life_time Password expires after 30 days 30 Maximum password age in days
login_attempt_max Account permanently locked after 6 failures 6 Failed login threshold

3. Scope: Cluster‑Wide

  • All users are affected: root, gbase, and every future account.
  • Existing users can still log in with their current password, but must comply with the new policy on their next password change. Once a password expires or a lockout is triggered, the policy is enforced immediately.
  • New users must use a compliant password from the start.
  • Because these parameters are set in the cluster config files across all nodes, the policy is inherently global. You cannot tailor it per user.

4. Quick Checklist

  • Adjust 7 core parameters.
  • Place them in both the GCluster and GNode configuration files.
  • Restart the cluster.
  • Validate: creating a user with a weak password or logging in with an old, non‑compliant password should be rejected. A password meeting all complexity rules should succeed.

This straightforward global policy helps you lock down a gbase database consistently across every account.

Top comments (0)