zoukankan      html  css  js  c++  java

  • gitlab—2FA双因子认证登录配置

    一、2FA配置

    Two-Factor Authentication(2FA),一般称双因素认证

    1)gitlab配置

    image

    image

    2)手机端下载Authenticator

    添加账户==>其他账户==>扫描二维码

    74f17ade1154779c942b335d5137c65

    3)gitlab填入pin code

    image

    4)重新登录测试

    image

    可以填入pin code或者recovery code(当无法获取pin code时)

    image

    参考文档:

    https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html

    https://www.cnblogs.com/wangxu01/articles/11057507.html

    二、2FA禁用

    2.1、思路分析

    进入postgresql数据库,修改user表,将otp_required_for_login  、 require_two_factor_authentication_from_group 这两个字段,都改为false(数据库中用f表示)

    2.2、操作步骤

    由于我的gitlab使用docker容器起的,需要进入容器中

    1)进入docker容器

    [root@git ~]# docker ps 
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                       PORTS                                                           NAMES
3694c2292ed0        gitlab/gitlab-ce    "/assets/wrapper"   42 hours ago        Up About an hour (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:222->22/tcp   gitlab
[root@git ~]# docker exec -it gitlab /bin/sh
#

    2)查看/etc/passwd,发现gitlab-psql用户是可以登录的

    [root@git ~]# docker exec -it gitlab /bin/sh
# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
_apt:x:104:65534::/nonexistent:/bin/false
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
git:x:998:998::/var/opt/gitlab:/bin/sh
gitlab-www:x:999:999::/var/opt/gitlab/nginx:/bin/false
gitlab-redis:x:997:997::/var/opt/gitlab/redis:/bin/false
gitlab-psql:x:996:996::/var/opt/gitlab/postgresql:/bin/sh
mattermost:x:994:994::/var/opt/gitlab/mattermost:/bin/sh
registry:x:993:993::/var/opt/gitlab/registry:/bin/sh
gitlab-prometheus:x:992:992::/var/opt/gitlab/prometheus:/bin/sh
gitlab-consul:x:991:991::/var/opt/gitlab/consul:/bin/sh

    3)查看数据库配置信息

    # cat /var/opt/gitlab/gitlab-rails/etc/database.yml
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.

production:
  adapter: postgresql
  encoding: unicode
  collation: 
  database: gitlabhq_production   #要登录的数据库
  pool: 1
  username: "gitlab"
  password: 
  host: "/var/opt/gitlab/postgresql"  #登录主机
  port: 5432
  socket: 
  sslmode: 
  sslcompression: 0
  sslrootcert: 
  sslca: 
  load_balancing: {"hosts":[]}
  prepared_statements: false
  statements_limit: 1000
  fdw: 
#

    4)根据上面的配置信息登陆postgresql数据库

    # su - gitlab-psql
$

    5)连接到gitlabhq_production库

    $ psql  -h  /var/opt/gitlab/postgresql  -d  gitlabhq_production
psql (10.9)
Type "help" for help.

gitlabhq_production=#

    6)操作数据库

    查看数据库:

    image

    查看多表:

    image

    查看users表:

    gitlabhq_production=# d users

    image

    查看users表中用户的关键信息,取4个字段:

    gitlabhq_production=# SELECT name,username,otp_required_for_login,two_factor_grace_period, require_two_factor_authentication_from_group   FROM users;

    image

    修改字段:

    gitlabhq_production=# UPDATE users set otp_required_for_login = 'f' WHERE username = 'root';
UPDATE 1

    image

    7)q退出数据库,重新登录gitlab,就没要求2FA认证

    image

    参考文档:

    https://www.cnblogs.com/andy9468/p/10606883.html
  • 相关阅读:
    有序向量
    无序向量
    设计模式入门
    策略模式
    面向对象相关知识点
    MySQL数据库知识培训
    数据库业务规范
    go最小路径
    go求质数
    CSS3
  • 原文地址:https://www.cnblogs.com/hujinzhong/p/12199712.html
Copyright © 2011-2022 走看看