Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Currently once a user is "blocked" because of hitting wrong password attempts limit, it is impossible to unblock it except by running a FLUSH PRIVILEGES command.
This is also apparent in the error message.
eng "User is blocked because of too many credential errors; unblock with 'FLUSH PRIVILEGES'"
FLUSH PRIVILEGES is an outdated command, typically used when manual ACL tables were modified. It causes heavy disk reads of all ACL tables. There should be a less heavyweight way of reseting user limits.
The proposed solution, as agreed with serg and monty is to make any ALTER USER command reset those counters.
This means that ALTER USER foo ACCOUNT UNLOCK can be used to reset account limit counters without actually affecting the user. A user could not have reached max wrong password attempts if the account was locked in the first place.
Attachments
Issue Links
- relates to
-
DOCS-5477 Loading...