is it possible to change an encrypted password with a sql query?
I have a user who for some reason can't log in and can't make her reset password recredentialing work.
This is simple: just use ALTER ROLE with the encrypted password.
ALTER ROLE luser PASSWORD 'md565b6fad0e85688f3f101065bc39552df';
Be aware that the password might end up in the log file if logging is configured appropriately.
Related
I am facing problem in redshift where certain user cannot change its password. But users created by it can change their own password.
e.g:
when logged in as 'or_user' (I dont know how this original user was created, but it cant change its password. I tried below:)
select md5('password123' || 'or_user');
ALTER USER or_user WITH PASSWORD 'md5<hash>';
getting 'ERROR:permission denied'
But when I create user 'demo_user' using 'or_user', 'demo_user' is able to change its password, below commands:
ALTER USER demo_user WITH PASSWORD 'md5<hash>'; its getting success.
Additionally when I tried to grant system privilege to or_user using admin I get below error:
GRANT ALTER USER TO or_user;
ERROR: Grant/Revoke system privilege on User is not supported.
I have read postgres/redshift by default user can change there own password.
Maybe or_user does not have ALTER USER permission please help me with GRANT ALTER USER statement and how to find what permission this or_user have in all like CREATE USER, ALTER USER, DROP USER, .... like mostly database permissions.
I have an app which allows the user to reset password. I user the django authentification system but everytime I want to send an email I get the error ' 535, b'5.7.8 Username and Password not accepted. '.
I have already generated and app password and replace the password in my "settings.py" but I still get this error.
have you
tried sending passwords with a separate python script or application like the REST Client in VSC to assure the credentials are working? At least when using gmail I know you have to adapt the security settings in the gmail account used.
checked e.g. by using print statements (ONYL in you dev environment!) that the credentials are available as expected?
I've successfully applied a custom password policy for my IAM users in AWS:
aws iam update-account-password-policy --minimum-password-length 64 --allow-users-to-change-password --password-reuse-prevention 24
Next I force a password reset - this also works.
But the when I deliberately try to set the new password to a non-compliant one, I get this rather opaque error at the top of the page (https://us-east-1.signin.aws.amazon.com/changepassword):
Either user is not authorized to perform iam:ChangePassword or entered password does not comply with account password policy set by administrator
Is there a way to configure useful feedback? Such as: Password should be at least 64 characters?
There is currently no way to customize this error message. There is an AWS Developer Forums thread from 2017 that raises this issue, however the response appears to have only been to add "or entered password does not comply with account password policy set by administrator".
Unfortunately your only option is to communicate password complexity requirements through a parallel vector. Alternatively, if you create accounts by setting a temporary password for the user instead of requiring a password reset, you could (outside of AWS) template an email to send that to the user that includes instructions on password complexity.
The API does actually clarify whether it was a password policy issue, however.
We are using AWS Cognito CLI (cognito-idp), and our dev & staging environments are frequently iterating, and as such we sometimes have a user account entering the FORCE_CHANGE_PASSWORD state - and yet we don't have the session info we need to trigger the password change, nor can we seem to then trigger another "reset".
Is there a way to toggle the state out of FORCE_CHANGE_PASSWORD, or a way to get the session token needed to change the password ourselves?
Do you know the old/temporary password of that user which is in FORCE_CHANGE_PASSWORD state?
If yes, then you could use that same password to authenticate, which would return a challenge called NEW_PASSWORD_REQUIRED. You can then use this session id, to make a subsequent call to reset the password.
Steps:
Call admin-initate-auth with --auth-flow as "ADMIN_NO_SRP_AUTH" with old password.
Response should have challenge as NEW_PASSWORD_REQUIRED. Save the session id.
Call admin-respond-to-auth-challenge with the above value for --challenge-name and new password.
I have Admin account and want to change password for a specific user on a local Windows Server 2008 machine. Is there possibility to programmatically change the password ignoring Local Password Policy (complexity, history, minimum password age)?
I tried NetUserChnagePassword but it does not allow to ignore Password Policy.