轮换密码

轮换用户密码。

Redis 企业软件

Redis Enterprise Software 允许您使用 REST API 实施密码轮换策略。

您可以为数据库用户添加新密码,而无需立即使旧密码失效(这可能会导致 生产环境 中的身份验证错误)。

注意:
密码轮换不适用于默认用户。添加其他用户以启用密码轮换。

密码轮换策略

对于用户对 Redis Enterprise Software Cluster Manager UI 的访问, 您可以设置密码过期策略以提示用户更改其密码。

但是,对于依赖密码身份验证的数据库连接, 在将新密码转出到系统时,您需要允许使用现有密码进行身份验证。

使用 Redis Enterprise Software REST API,您可以向用户帐户添加其他密码,以便对数据库或集群管理器 UI 和 API 进行身份验证。

在数据库连接中替换旧密码后,您可以删除旧密码以完成密码轮换过程。

警告:
仅支持使用 REST API 的多个密码。 如果在 Cluster Manager UI 中重置用户的密码, 新密码将替换该用户的所有其他密码。

新密码不能作为用户的密码存在,并且必须满足密码复杂性要求(如果启用)。

轮换密码

要轮换用户帐户的密码:

  1. 向用户帐户添加其他密码POST /v1/users/password:

    POST https://[host][:port]/v1/users/password
     '{"username":"<username>", "old_password":"<an_existing_password>", "new_password":"<a_new_password>"}'

    After you send this request, you can authenticate with both the old and the new password.

  2. Update the password in all database connections that connect with the user account.

  3. Delete the original password with DELETE /v1/users/password:

    DELETE https://[host][:port]/v1/users/password
       '{"username":"<username>", "old_password":"<an_existing_password>"}'

    If there is only one valid password for a user account, you cannot delete that password.

Replace all passwords

You can also replace all existing passwords for a user account with a single password that does not match any existing passwords. This can be helpful if you suspect that your passwords are compromised and you want to quickly resecure the account.

To replace all existing passwords for a user account with a single new password, use PUT /v1/users/password:

PUT https://[host][:port]/v1/users/password
    '{"username":"<username>", "old_password":"<an_existing_password>", "new_password":"<a_new_password>"}'

All of the existing passwords are deleted and only the new password is valid.

Note:
If you send the above request without specifying it is a PUT request, the new password is added to the list of existing passwords.
RATE THIS PAGE
Back to top ↑