PolarDB-O allows a database superuser to create named profiles. Each profile defines rules for password management that enhance password and md5 authentication.
The rules in a profile support these features:
- Count failed logon attempts.
- Lock an account due to excessive failed logon attempts.
- Mark a password for expiration.
- Define a grace period after a password expires.
- Define rules for password complexity.
- Define rules for reusing a password.
A profile is a named set of password attributes that allows you to easily manage a group of roles that share comparable authentication requirements. If the password requirements change, you can modify the profile so that the new rules apply to each user that is associated with that profile.
After you create a profile, you can associate the profile with one or more users. When a user connects to the server, the server enforces the profile that is associated with the logon role. Profiles are shared by all databases within a cluster, but each cluster may have multiple profiles. A single user that has access to multiple databases uses the same profile to connect to each database within the cluster.
PolarDB-O creates a profile named default that is associated with a new role when the role is created. If an alternative profile is specified, the new role is associated with the specified profile instead. If you upgrade the server to PolarDB-O, existing roles are automatically assigned to the default profile. You cannot delete the default profile.
The default profile specifies the following attributes:
- FAILED_LOGIN_ATTEMPTS UNLIMITED
- PASSWORD_LOCK_TIME UNLIMITED
- PASSWORD_LIFE_TIME UNLIMITED
- PASSWORD_GRACE_TIME UNLIMITED
- PASSWORD_REUSE_TIME UNLIMITED
- PASSWORD_REUSE_MAX UNLIMITED
- PASSWORD_VERIFY_FUNCTION NULL
- PASSWORD_ALLOW_HASHED TRUE
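
Because every attribute of the default profile is UNLIMITED or NULL, a role left on it gets no lockout, expiration, or reuse control. The following added example (not part of the original documentation) shows a stricter profile next to those defaults. It assumes the Oracle-compatible `CREATE PROFILE ... LIMIT`, `ALTER PROFILE`, and `ALTER ROLE ... PROFILE` statements and that time-based limits are expressed in days; the profile name `app_users`, the role name `app_reader`, and all numeric values are hypothetical.

```sql
-- Added example: profile and role names and all limits are hypothetical.
-- Assumption: time-based limits (LOCK/LIFE/GRACE/REUSE_TIME) are in days.

-- Default profile (permissive)      Stricter profile below
--   FAILED_LOGIN_ATTEMPTS UNLIMITED   -> 5 failed logons, then lock
--   PASSWORD_LOCK_TIME    UNLIMITED   -> locked for 1 day
--   PASSWORD_LIFE_TIME    UNLIMITED   -> password expires after 90 days
--   PASSWORD_GRACE_TIME   UNLIMITED   -> 7-day grace period after expiry
--   PASSWORD_REUSE_TIME   UNLIMITED   -> reuse rule: 365 days
--   PASSWORD_REUSE_MAX    UNLIMITED   -> reuse rule: 5 password changes
--   PASSWORD_ALLOW_HASHED TRUE        -> FALSE (reject pre-hashed passwords)
CREATE PROFILE app_users LIMIT
    FAILED_LOGIN_ATTEMPTS 5
    PASSWORD_LOCK_TIME    1
    PASSWORD_LIFE_TIME    90
    PASSWORD_GRACE_TIME   7
    PASSWORD_REUSE_TIME   365
    PASSWORD_REUSE_MAX    5
    PASSWORD_ALLOW_HASHED FALSE;

-- Move an existing role off the default profile. The server enforces
-- app_users the next time this role logs on to any database in the cluster.
ALTER ROLE app_reader PROFILE app_users;

-- When requirements change, modify the profile once; every role that is
-- associated with app_users picks up the new rule.
ALTER PROFILE app_users LIMIT FAILED_LOGIN_ATTEMPTS 3;
```

PASSWORD_VERIFY_FUNCTION is left at its default here, so this profile adds lockout, expiration, and reuse rules but no complexity check.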