When a user is locked
Locked in the following cases:
Restriction by INACTIVE_USER_TIME
Restriction by FAILED_LOGIN_ATTEMPTS
If you want to allow a locked user to login again, unlock the user. Unlocking is performed using the pgx_unlock_user function. Operations can be performed by users with CREATEROLE privilege.
Refer to "B.3.2 User Management Functions" for functions.
[Example]
SELECT pgx_unlock_user('user1');To release a lock when a database administrator is locked, users other than the locked user with CREATEROLE privilege can do so. If the user does not exist, Fujitsu Enterprise Postgres must be started in single-user mode and the lock released.
Point
You can set PASSWORD_LOCK_TIME to automatically release locks due to FAILED_LOGIN_ATTEMPTS.
When the password expires
When a password life time is over, the password expires and cannot be used to connect to and operate on the database until the password is changed.
The password can be changed by the expired user itself, or by a user who has the CREATEROLE privilege and who is an administrator of that user (who has ADMIN privilege for that user).