zoukankan      html  css  js  c++  java

  • gitlab—2FA双因子认证登录配置

    一、2FA配置

    Two-Factor Authentication(2FA),一般称双因素认证

    1)gitlab配置

    image

    image

    2)手机端下载Authenticator

    添加账户==>其他账户==>扫描二维码

    74f17ade1154779c942b335d5137c65

    3)gitlab填入pin code

    image

    4)重新登录测试

    image

    可以填入pin code或者recovery code(当无法获取pin code时)

    image

    参考文档:

    https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html

    https://www.cnblogs.com/wangxu01/articles/11057507.html

    二、2FA禁用

    2.1、思路分析

    进入postgresql数据库,修改user表,将otp_required_for_login  、 require_two_factor_authentication_from_group 这两个字段,都改为false(数据库中用f表示)

    2.2、操作步骤

    由于我的gitlab使用docker容器起的,需要进入容器中

    1)进入docker容器

    [root@git ~]# docker ps 
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                       PORTS                                                           NAMES
3694c2292ed0        gitlab/gitlab-ce    "/assets/wrapper"   42 hours ago        Up About an hour (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:222->22/tcp   gitlab
[root@git ~]# docker exec -it gitlab /bin/sh
#

    2)查看/etc/passwd,发现gitlab-psql用户是可以登录的

    [root@git ~]# docker exec -it gitlab /bin/sh
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
_apt:x:104:65534::/nonexistent:/bin/false
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
git:x:998:998::/var/opt/gitlab:/bin/sh
gitlab-www:x:999:999::/var/opt/gitlab/nginx:/bin/false
gitlab-redis:x:997:997::/var/opt/gitlab/redis:/bin/false
gitlab-psql:x:996:996::/var/opt/gitlab/postgresql:/bin/sh
mattermost:x:994:994::/var/opt/gitlab/mattermost:/bin/sh
registry:x:993:993::/var/opt/gitlab/registry:/bin/sh
gitlab-prometheus:x:992:992::/var/opt/gitlab/prometheus:/bin/sh
gitlab-consul:x:991:991::/var/opt/gitlab/consul:/bin/sh

    3)查看数据库配置信息

    # cat /var/opt/gitlab/gitlab-rails/etc/database.yml
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.

production:
  adapter: postgresql
  encoding: unicode
  collation: 
  database: gitlabhq_production   #要登录的数据库
  pool: 1
  username: "gitlab"
  password: 
  host: "/var/opt/gitlab/postgresql"  #登录主机
  port: 5432
  socket: 
  sslmode: 
  sslcompression: 0
  sslrootcert: 
  sslca: 
  load_balancing: {"hosts":[]}
  prepared_statements: false
  statements_limit: 1000
  fdw: 
#

    4)根据上面的配置信息登陆postgresql数据库

    # su - gitlab-psql
$

    5)连接到gitlabhq_production库

    $ psql  -h  /var/opt/gitlab/postgresql  -d  gitlabhq_production
psql (10.9)
Type "help" for help.

gitlabhq_production=#

    6)操作数据库

    查看数据库:

    image

    查看多表:

    image

    查看users表:

    gitlabhq_production=# d users

    image

    查看users表中用户的关键信息,取4个字段:

    gitlabhq_production=# SELECT name,username,otp_required_for_login,two_factor_grace_period, require_two_factor_authentication_from_group   FROM users;

    image

    修改字段:

    gitlabhq_production=# UPDATE users set otp_required_for_login = 'f' WHERE username = 'root';
UPDATE 1

    image

    7)q退出数据库,重新登录gitlab,就没要求2FA认证

    image

    参考文档:

    https://www.cnblogs.com/andy9468/p/10606883.html
  • 相关阅读:
    [LeetCode] Power of Three 判断3的次方数
    [LeetCode] 322. Coin Change 硬币找零
    [LeetCode] 321. Create Maximum Number 创建最大数
    ITK 3.20.1 VS2010 Configuration 配置
    VTK 5.10.1 VS2010 Configuration 配置
    FLTK 1.3.3 MinGW 4.9.1 Configuration 配置
    FLTK 1.1.10 VS2010 Configuration 配置
    Inheritance, Association, Aggregation, and Composition 类的继承,关联,聚合和组合的区别
    [LeetCode] Bulb Switcher 灯泡开关
    [LeetCode] Maximum Product of Word Lengths 单词长度的最大积
  • 原文地址:https://www.cnblogs.com/hujinzhong/p/12199712.html
Copyright © 2011-2022 走看看