
Enhancing security and operability
Fujitsu Enterprise Postgres has added 2 new features that further enhance its security and operability capabilities: policy-based login security and support for pgBackRest.
In this article, I will describe how to patch Fujitsu Enterprise Postgres and enable the new features.
Policy-based login security
Fujitsu Enterprise Postgres can refuse connection to the database server or force a password change if the database user's password status deviates from a pre-defined policy. Restrictions on password authentication are enabled by assigning profiles to database users. A profile is the information that sets the policies for password authentication.
The following restrictions can be applied to the operation of passwords:
- Set a password lifetime
- Lock accounts that have failed to log in continuously
- Restrict password reuse
- Set a grace period after the password lifetime until the database can no longer be operated
- If the account is locked due to repeated login failures, set the period during which the lock will be automatically unlocked
This makes it possible to operate passwords in accordance with security policies.
Scope
In this article, we discuss the procedure to patch the installed version of Fujitsu Enterprise Postgres. This patch will update the minor version from 15.0 to 15.4.
This patch provides the features below, in addition to regular bug fixes:
- pgBackRest, a backup management tool
- Policy-based login security
Prerequisites
- Install the required OS packages.
  For the list of required packages, see Installation and Setup Guide for Server > Required operating system
- The following packages are required to use pgBackRest:
  - RHEL7: bzip2-libs, lz4
  - RHEL8, RHEL9: bzip2-libs, lz4-libs
  - SLES12: libbz2-1, liblz4-1_7
  - SLES15: libbz2-1, liblz4-1
- Fujitsu Enterprise Postgres 15 is installed, with an instance created and with encrypted tablespaces.
- The OS user fsepuser has been created.
Applying the patches
The process to apply the patch is described below.
1 Set up the YUM repository
As a root user, create a repository on the server with JFrog credentials.
# vi /etc/yum.repos.d/fep-patches.repo
[FEP-Patches]
name=FEP Patches
baseurl=https://<URL_ENCODED_USERNAME>:<PASSWORD>@fujitsu.jfrog.io/artifactory/EnterprisePostgres_AE_x86_64_patch/15/RHEL8/
enabled=1
gpgcheck=0
Note: A JFrog account is needed to download and apply patches - you will have received the username/password in your Welcome Pack email.
Set the RHEL version in the baseurl to match that of the Fujitsu Enterprise Postgres server. The above setting is for RHEL8.
2 List the available patches
Run the command below to check the packages available for Fujitsu Enterprise Postgres.
[root@fep-prod: ~]$ dnf --repo="FEP-Patches" list available FJSV*
Available Packages
FJSVfsep-AUDIT-15.x86_64 1501-0.el8 FEP-Patches
FJSVfsep-CL-15.x86_64 1501-0.el8 FEP-Patches
FJSVfsep-CL-CM-15.x86_64 1501-0.el8 FEP-Patches
FJSVfsep-JDBC-15.x86_64 1501-0.el8 FEP-Patches
FJSVfsep-ODBC-15.x86_64 1501-0.el8 FEP-Patches
FJSVfsep-POOL2-15.x86_64 1501-0.el8 FEP-Patches
FJSVfsep-SV-15.x86_64 1501-0.el8 FEP-Patches
FJSVfsep-SV-CM-15.x86_64 1501-0.el8 FEP-Patches
FJSVfsep-SV-OPJ-15.x86_64 1501-0.el8 FEP-Patches
FJSVfsep-ULOG-15.x86_64 1501-0.el8 FEP-Patches
[root@fep-prod: ~]$
3 Stop the Fujitsu Enterprise Postgres instance
Check the version of Fujitsu Enterprise Postgres, and stop all instances.
[fsepuser@fep-prod: ~]$ psql
psql (15.0)
Type "help" for help.
postgres=# SELECT version();
version
-------------------------------------------------------------------------------------------------------
PostgreSQL 15.0 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.3.1 20191121 (Red Hat 8.3.1-5), 64-bit
(1 row)
postgres=# \q
[fsepuser@fep-prod: ~]$ pg_ctl -D /database/inst1 stop
waiting for server to shut down......done
server stopped
[fsepuser@fep-prod: ~]$ ps -ef | grep postgres
fsepuser 8413 8359 0 02:45 pts/0 00:00:00 grep --color=auto postgres
[fsepuser@fep-prod: ~]$
4 Apply/update available patches
Apply/update all available packages.
[root@fep-prod: ~]$ dnf update --repo="FEP-Patches"
Last metadata expiration check: 0:57:19 ago on Tue 10 Oct 2023 03:57:40 AM UTC.
Dependencies resolved.
==========================================================================
Package Arch Version Repository Size
==========================================================================
Upgrading:
FJSVfsep-AUDIT-15 x86_64 1501-0.el8 FEP-Patches 243 k
FJSVfsep-CL-15 x86_64 1501-0.el8 FEP-Patches 21 M
FJSVfsep-CL-CM-15 x86_64 1501-0.el8 FEP-Patches 86 k
FJSVfsep-JDBC-15 x86_64 1501-0.el8 FEP-Patches 1.0 M
FJSVfsep-ODBC-15 x86_64 1501-0.el8 FEP-Patches 1.4 M
FJSVfsep-POOL2-15 x86_64 1501-0.el8 FEP-Patches 4.4 M
FJSVfsep-SV-15 x86_64 1501-0.el8 FEP-Patches 99 M
FJSVfsep-SV-CM-15 x86_64 1501-0.el8 FEP-Patches 256 k
FJSVfsep-SV-OPJ-15 x86_64 1501-0.el8 FEP-Patches 100 M
FJSVfsep-ULOG-15 x86_64 1501-0.el8 FEP-Patches 144 k
Transaction Summary
==========================================================================
Upgrade 10 Packages
Total download size: 228 M
Is this ok [y/N]: y
Downloading Packages:
(1/10): FJSVfsep-POOL2-15-1501-0.el8.x86_ 2.3 MB/s | 4.4 MB 00:01
(2/10): FJSVfsep-ODBC-15-1501-0.el8.x86_6 3.3 MB/s | 1.4 MB 00:00
(3/10): FJSVfsep-CL-CM-15-1501-0.el8.x86_ 205 kB/s | 86 kB 00:00
(4/10): FJSVfsep-AUDIT-15-1501-0.el8.x86_ 689 kB/s | 243 kB 00:00
(5/10): FJSVfsep-SV-CM-15-1501-0.el8.x86_ 750 kB/s | 256 kB 00:00
(6/10): FJSVfsep-ULOG-15-1501-0.el8.x86_6 318 kB/s | 144 kB 00:00
(7/10): FJSVfsep-JDBC-15-1501-0.el8.x86_6 2.7 MB/s | 1.0 MB 00:00
(8/10): FJSVfsep-SV-15-1501-0.el8.x86_64. 13 MB/s | 99 MB 00:07
(9/10): FJSVfsep-SV-OPJ-15-1501-0.el8.x86 9.8 MB/s | 100 MB 00:10
(10/10): FJSVfsep-CL-15-1501-0.el8.x86_64 3.4 MB/s | 21 MB 00:06
--------------------------------------------------------------------------
Total 22 MB/s | 228 MB 00:10
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : FJSVfsep-CL-15-1501-0.el8.x86_64 1/20
Upgrading : FJSVfsep-JDBC-15-1501-0.el8.x86_64 2/20
Upgrading : FJSVfsep-ULOG-15-1501-0.el8.x86_64 3/20
Upgrading : FJSVfsep-SV-CM-15-1501-0.el8.x86_64 4/20
Upgrading : FJSVfsep-AUDIT-15-1501-0.el8.x86_64 5/20
Upgrading : FJSVfsep-CL-CM-15-1501-0.el8.x86_64 6/20
Upgrading : FJSVfsep-ODBC-15-1501-0.el8.x86_64 7/20
Upgrading : FJSVfsep-SV-15-1501-0.el8.x86_64 8/20
Upgrading : FJSVfsep-SV-OPJ-15-1501-0.el8.x86_64 9/20
Upgrading : FJSVfsep-POOL2-15-1501-0.el8.x86_64 10/20
Cleanup : FJSVfsep-CL-15-1500-0.el8.x86_64 11/20
Cleanup : FJSVfsep-JDBC-15-1500-0.el8.x86_64 12/20
Cleanup : FJSVfsep-ULOG-15-1500-0.el8.x86_64 13/20
Cleanup : FJSVfsep-SV-CM-15-1500-0.el8.x86_64 14/20
Cleanup : FJSVfsep-AUDIT-15-1500-0.el8.x86_64 15/20
Cleanup : FJSVfsep-CL-CM-15-1500-0.el8.x86_64 16/20
Cleanup : FJSVfsep-ODBC-15-1500-0.el8.x86_64 17/20
Cleanup : FJSVfsep-SV-15-1500-0.el8.x86_64 18/20
Cleanup : FJSVfsep-SV-OPJ-15-1500-0.el8.x86_64 19/20
Cleanup : FJSVfsep-POOL2-15-1500-0.el8.x86_64 20/20
Verifying : FJSVfsep-POOL2-15-1501-0.el8.x86_64 1/20
Verifying : FJSVfsep-POOL2-15-1500-0.el8.x86_64 2/20
Verifying : FJSVfsep-SV-OPJ-15-1501-0.el8.x86_64 3/20
Verifying : FJSVfsep-SV-OPJ-15-1500-0.el8.x86_64 4/20
Verifying : FJSVfsep-SV-15-1501-0.el8.x86_64 5/20
Verifying : FJSVfsep-SV-15-1500-0.el8.x86_64 6/20
Verifying : FJSVfsep-ODBC-15-1501-0.el8.x86_64 7/20
Verifying : FJSVfsep-ODBC-15-1500-0.el8.x86_64 8/20
Verifying : FJSVfsep-CL-CM-15-1501-0.el8.x86_64 9/20
Verifying : FJSVfsep-CL-CM-15-1500-0.el8.x86_64 10/20
Verifying : FJSVfsep-AUDIT-15-1501-0.el8.x86_64 11/20
Verifying : FJSVfsep-AUDIT-15-1500-0.el8.x86_64 12/20
Verifying : FJSVfsep-SV-CM-15-1501-0.el8.x86_64 13/20
Verifying : FJSVfsep-SV-CM-15-1500-0.el8.x86_64 14/20
Verifying : FJSVfsep-ULOG-15-1501-0.el8.x86_64 15/20
Verifying : FJSVfsep-ULOG-15-1500-0.el8.x86_64 16/20
Verifying : FJSVfsep-JDBC-15-1501-0.el8.x86_64 17/20
Verifying : FJSVfsep-JDBC-15-1500-0.el8.x86_64 18/20
Verifying : FJSVfsep-CL-15-1501-0.el8.x86_64 19/20
Verifying : FJSVfsep-CL-15-1500-0.el8.x86_64 20/20
Upgraded:
FJSVfsep-AUDIT-15-1501-0.el8.x86_64
FJSVfsep-CL-15-1501-0.el8.x86_64
FJSVfsep-CL-CM-15-1501-0.el8.x86_64
FJSVfsep-JDBC-15-1501-0.el8.x86_64
FJSVfsep-ODBC-15-1501-0.el8.x86_64
FJSVfsep-POOL2-15-1501-0.el8.x86_64
FJSVfsep-SV-15-1501-0.el8.x86_64
FJSVfsep-SV-CM-15-1501-0.el8.x86_64
FJSVfsep-SV-OPJ-15-1501-0.el8.x86_64
FJSVfsep-ULOG-15-1501-0.el8.x86_64
Complete!
[root@fep-prod: ~]$
Note: You can choose to apply only a specific package, using
$ dnf update FJSVfsep-SV-15-1501-0.el8.x86_64
5 Verify the patch versions
Verify the updated patches before starting the Fujitsu Enterprise Postgres instance.
[root@fep-prod: ~]$ dnf list installed FJSVfsep*
Installed Packages
FJSVfsep-AE-PR-15.x86_64 1500-0.el8 @System
FJSVfsep-AUDIT-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-CL-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-CL-CM-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-CL-PR-15.x86_64 1500-0.el8 @System
FJSVfsep-JDBC-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-ODBC-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-POOL2-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-POOL2-PR-15.x86_64 1500-0.el8 @System
FJSVfsep-SV-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-SV-CM-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-SV-OPJ-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-ULOG-15.x86_64 1501-0.el8 @FEP-Patches
FJSVfsep-WAD-15.x86_64 1500-0.el8 @System
FJSVfsep-WAD-OPJ-15.x86_64 1500-0.el8 @System
FJSVfsep-WAD-PR-15.x86_64 1500-0.el8 @System
[root@fep-prod: ~]$
The command shows the updated packages and their versions.
6 Start the instance and verify the minor version
As fsepuser, start the Fujitsu Enterprise Postgres instance, then connect to it using psql and verify the minor version.
[fsepuser@fep-prod: ~]$ pg_ctl -D /database/inst1 start
waiting for server to start....2023-10-10 16:20:57.094 AEDT [10622] LOG: redirecting log output to logging collector process
2023-10-10 16:20:57.094 AEDT [10622] HINT: Future log output will appear in directory "log".
done
server started
[fsepuser@fep-prod: ~]$
[fsepuser@fep-prod: ~]$ psql
psql (15.4)
Type "help" for help.
postgres=# SELECT version();
version
-------------------------------------------------------------------------------------------------------
PostgreSQL 15.4 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.3.1 20191121 (Red Hat 8.3.1-5), 64-bit
(1 row)
postgres=#
Setting up pgBackRest
With the patch applied, the new features are added to the Fujitsu Enterprise Postgres binaries. You can see that pgBackRest is installed under the OSS directory of both the server and the client.
[fsepuser@fep-prod: ~]$ ls -ld /opt/fsepv15server64/OSS/pgbackrest/
drwxr-xr-x. 4 root root 28 Oct 10 04:55 /opt/fsepv15server64/OSS/pgbackrest/
[fsepuser@fep-prod: ~]$ ls -ld /opt/fsepv15client64/OSS/pgbackrest/
drwxr-xr-x. 4 root root 28 Oct 10 04:55 /opt/fsepv15client64/OSS/pgbackrest/
[fsepuser@fep-prod: ~]$
To use pgBackRest, add the path below to the PATH environment variable.
[fsepuser@fep-prod: ~]$ export PATH=/opt/fsepv15server64/OSS/pgbackrest/bin:$PATH
[fsepuser@fep-prod: ~]$ pgbackrest version
pgBackRest 2.46
[fsepuser@fep-prod: ~]$
1 Configure pgBackRest
Create the pgbackrest.conf file and define the repository and database information as shown below.
[fsepuser@fep-prod: ~]$ cat /etc/pgbackrest.conf
[global]
repo1-path=/backup/pgbackrest
repo1-retention-full=2
[inst1]
db-path=/database/inst1
db-port=27500
db-user=fsepuser
[fsepuser@fep-prod: ~]$
Enable archive_mode, which is required for database recovery, and set archive_command so that WAL archiving uses pgBackRest.
[fsepuser@fep-prod: ~]$ tail -5 /database/inst1/postgresql.conf
listen_addresses = '*'
port = 27500
archive_mode = on
archive_command = 'pgbackrest --stanza=inst1 archive-push %p'
[fsepuser@fep-prod: ~]$
Restart the instance for the updated parameters to take effect.
[fsepuser@fep-prod: ~]$ pg_ctl -D /database/inst1 restart
waiting for server to shut down......done
server stopped
waiting for server to start....2023-10-11 11:17:20.240 AEDT [25708] LOG: redirecting log output to logging collector process
2023-10-11 11:17:20.240 AEDT [25708] HINT: Future log output will appear in directory "log".
done
server started
[fsepuser@fep-prod: ~]$
2 Create stanza
Now create a stanza named inst1 to define the backup configuration for the specific database cluster.
[fsepuser@fep-prod: ~]$ pgbackrest stanza-create --stanza=inst1 --log-level-console=info
2023-10-11 00:44:10.885 P00 INFO: stanza-create command begin 2.46: --exec-id=26166-67c7565e
--log-level-console=info --pg1-path=/database/inst1 --pg1-port=27500
--repo1-path=/backup/pgbackrest --stanza=inst1
2023-10-11 00:44:11.490 P00 INFO: stanza-create for stanza 'inst1' on repo1
2023-10-11 00:44:11.521 P00 INFO: stanza-create command end: completed successfully (637ms)
[fsepuser@fep-prod: ~]$
3 Perform backup
Perform a full backup using the stanza we created earlier.
[fsepuser@fep-prod: ~]$ pgbackrest --stanza=inst1 backup --type=full --log-level-stderr=info
INFO: backup command begin 2.46: --exec-id=26217-cb0feb2c --log-level-stderr=info --pg1-path=/database/inst1 --pg1-port=27500
--repo1-path=/backup/pgbackrest --repo1-retention-full=2 --stanza=inst1 --type=full
INFO: execute non-exclusive backup start: backup begins after the next regular checkpoint completes
INFO: backup start archive = 00000001000000000000000E, lsn = 0/E000028
INFO: check archive for prior segment 00000001000000000000000D
INFO: execute non-exclusive backup stop and wait for all WAL segments to archive
INFO: backup stop archive = 00000001000000000000000E, lsn = 0/E000100
INFO: check archive for segment(s) 00000001000000000000000E:00000001000000000000000E
INFO: new backup label = 20231011-004739F
INFO: full backup size = 22.9MB, file total = 972
INFO: backup command end: completed successfully (8603ms)
INFO: expire command begin 2.46: --exec-id=26217-cb0feb2c --log-level-stderr=info
--repo1-path=/backup/pgbackrest --repo1-retention-full=2 --stanza=inst1
INFO: expire command end: completed successfully (14ms)
[fsepuser@fep-prod: ~]$
List the backups.
[fsepuser@fep-prod: ~]$ pgbackrest --stanza=inst1 info
stanza: inst1
status: ok
cipher: none
db (current)
wal archive min/max (15): 00000001000000000000000C/00000001000000000000000F
full backup: 20231011-004739F
timestamp start/stop: 2023-10-11 00:47:39 / 2023-10-11 00:47:46
wal start/stop: 00000001000000000000000E / 00000001000000000000000E
database size: 22.9MB, database backup size: 22.9MB
repo1: backup set size: 3MB, backup size: 3MB
[fsepuser@fep-prod: ~]$
Additionally, incremental backups and point-in-time recovery (PITR) can be performed.
Setting up policy-based login security
Policy-based login security is a Fujitsu Enterprise Postgres feature that improves database security by preventing unauthorized logins, achieved by setting password expiration dates and locking users who repeatedly fail to log in or are dormant.
Enabling this feature on an existing instance after applying the patch requires re-creating the instance.
[fsepuser@fep-prod: ~]$ psql
psql (15.4)
Type "help" for help.
postgres=# SELECT * FROM pgx_profile;
ERROR: relation "pgx_profile" does not exist
LINE 1: SELECT * FROM pgx_profile;
^
postgres=#
Note: If an instance is created after the patch is applied, the password profile feature is enabled by default.
1 Stop applications and perform backup
Stop all applications/users from connecting to the Fujitsu Enterprise Postgres instance, and perform backup using pg_dumpall.
[fsepuser@fep-prod: ~]$ pg_dumpall -U fsepuser -p 27500 > /backup/bkp_dumpall_fep_prod.sql
[fsepuser@fep-prod: ~]$
[fsepuser@fep-prod: ~]$ ls -l /backup/bkp_dumpall_fep_prod.sql
-rw-rw-r--. 1 fsepuser fsepuser 95995658 Oct 20 00:46 /backup/bkp_dumpall_fep_prod.sql
[fsepuser@fep-prod: ~]$
[fsepuser@fep-prod: ~]$ cp /database/inst1/*.conf /backup/
[fsepuser@fep-prod: ~]$
2 Re-create the cluster
Stop the instance and back up the configuration files.
[fsepuser@fep-prod: ~]$ pg_ctl -D /database/inst1 stop
waiting for server to shut down.....done
server stopped
[fsepuser@fep-prod: ~]$
Remove all files from $PGDATA and the tablespace location.
[fsepuser@fep-prod: ~]$ cd /database/inst1/
[fsepuser@fep-prod: /database/inst1]$ rm -rf *
[fsepuser@fep-prod: /database/inst1]$
[fsepuser@fep-prod: /database/inst1]$ cd /pg_tblspc/enc_tblspc/
[fsepuser@fep-prod: /pg_tblspc/enc_tblspc]$ ls -l
total 0
drwx------. 5 fsepuser fsepuser 64 Oct 20 00:09 PG_15_202209061
[fsepuser@fep-prod: /pg_tblspc/enc_tblspc]$
[fsepuser@fep-prod: /pg_tblspc/enc_tblspc]$ rm -rf PG_15_202209061/
[fsepuser@fep-prod: /pg_tblspc/enc_tblspc]$ ls -l
total 0
[fsepuser@fep-prod: /pg_tblspc/enc_tblspc]$
Create the cluster.
[fsepuser@fep-prod: ~]$ initdb -D /database/inst1 --lc-collate="C" --lc-ctype="C" --encoding=UTF8
The files belonging to this database system will be owned by user "fsepuser".
This user must also own the server process.
The database cluster will be initialized with this locale configuration:
provider: libc
LC_COLLATE: C
LC_CTYPE: C
LC_MESSAGES: en_AU.UTF-8
LC_MONETARY: en_AU.UTF-8
LC_NUMERIC: en_AU.UTF-8
LC_TIME: en_AU.UTF-8
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /database/inst1 ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A,
or --auth-local and --auth-host, the next time you run initdb.
Success. You can now start the database server using:
pg_ctl -D /database/inst1 -l logfile start
[fsepuser@fep-prod: ~]$
Restore the configuration files and start the instance.
[fsepuser@fep-prod: ~]$ cp /backup/postgresql.conf /database/inst1/
[fsepuser@fep-prod: ~]$
[fsepuser@fep-prod: ~]$ pg_ctl -D /database/inst1 start
waiting for server to start....2023-10-20 12:03:37.836 AEDT [7066] LOG: redirecting log output to logging collector process
2023-10-20 12:03:37.836 AEDT [7066] HINT: Future log output will appear in directory "log".
done
server started
[fsepuser@fep-prod: ~]$
3 Restore the database from the full backup
Once the instance is started, the database can be restored from the backup.
[fsepuser@fep-prod: ~]$ psql -U fsepuser -p 27500 -f /backup/bkp_dumpall_fep_prod.sql
4 Validate the data
Connect to the database and verify the encrypted data in the tablespace is accessible.
[fsepuser@fep-prod: ~]$ psql -U fsepuser -p 27500
psql (15.4)
Type "help" for help.
postgres=# SELECT version();
version
--------------------------------------------------------------------------------------------------------
PostgreSQL 15.4 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.3.1 20191121 (Red Hat 8.3.1-5), 64-bit
(1 row)
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | ICU Locale | Locale Provider | Access privileges
----------+----------+----------+---------+-------+------------+-----------------+-----------------------
encdb | fsepuser | UTF8 | C | C | | libc |
postgres | fsepuser | UTF8 | C | C | | libc |
template0 | fsepuser | UTF8 | C | C | | libc | =c/fsepuser +
| | | | | | | fsepuser=CTc/fsepuser
template1 | fsepuser | UTF8 | C | C | | libc | =c/fsepuser +
| | | | | | | fsepuser=CTc/fsepuser
(4 rows)
postgres=# \c encdb
You are now connected to database "encdb" as user "fsepuser".
encdb=# \dt+
List of relations
Schema | Name | Type | Owner | Persistence | Access method | Size | Description
--------+------------------+-------+----------+-------------+---------------+------------+--------------
public | pgbench_accounts | table | fsepuser | permanent | heap | 128 MB |
public | pgbench_branches | table | fsepuser | permanent | heap | 8192 bytes |
public | pgbench_history | table | fsepuser | permanent | heap | 0 bytes |
public | pgbench_tellers | table | fsepuser | permanent | heap | 8192 bytes |
(4 rows)
encdb=# SELECT * FROM pgbench_branches;
bid | bbalance | filler
-----+----------+--------
1 | 0 |
2 | 0 |
3 | 0 |
4 | 0 |
5 | 0 |
6 | 0 |
7 | 0 |
8 | 0 |
9 | 0 |
10 | 0 |
(10 rows)
encdb=#
5 Verify the password profile
Check for password profile related views.
[fsepuser@fep-prod: ~]$ psql -U fsepuser -p 27500
psql (15.4)
Type "help" for help.
postgres=# \x
Expanded display is on.
postgres=# SELECT * FROM pgx_profile;
-[ RECORD 1 ]----------+--------
oid | 9205
prfname | default
prfpasswordlifetime | -2
prfpasswordgracetime | -2
prfpasswordreusetime | -2
prfpasswordreusemax | -2
prfpasswordlocktime | -2
prffailedloginattempts | -2
prfpasswordallowhashed | 1
postgres=#
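The procedure above leaves several security-relevant artifacts on the host: JFrog credentials and gpgcheck=0 in the .repo file, a pg_dumpall file created as -rw-rw-r--, a fresh pg_hba.conf for which initdb warned that "trust" authentication is enabled, and a pgBackRest repository reported as "cipher: none". The script below is an added example, not part of the original article or of Fujitsu's tooling, that checks for each of these. The function names and finding labels are hypothetical, and the demo runs on constructed sample files, not on a real host.

```shell
#!/usr/bin/env bash
# Added example: flag risky leftovers of the patch / re-create procedure.
# Function names and finding labels are hypothetical; demo files are constructed.

# True when group or other hold any permission bit on the file.
is_exposed() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]
}

# dnf .repo file: credentials embedded in baseurl, and signature checking off.
check_repo() {
  if grep -Eq '^baseurl=https?://[^/@:]+:[^/@]+@' "$1" && is_exposed "$1"; then
    echo "REPO_CREDS_EXPOSED $1"
  fi
  if grep -Eq '^gpgcheck[[:space:]]*=[[:space:]]*0' "$1"; then
    echo "REPO_NO_GPGCHECK $1"
  fi
}

# pg_dumpall output holds role password hashes and a plaintext copy of the data.
check_dump() {
  if [ -f "$1" ] && is_exposed "$1"; then echo "DUMP_EXPOSED $1"; fi
}

# pg_hba.conf: report every rule whose auth method is "trust"
# (method is field 4 for "local" rules, field 5 for CIDR-style host rules).
check_hba() {
  awk -v f="$1" '
    NF == 0 || $1 ~ /^#/ { next }
    { m = ($1 == "local") ? $4 : $5 }
    m == "trust" { printf "HBA_TRUST %s:%d %s\n", f, NR, $1 }
  ' "$1"
}

# pgbackrest.conf: the repository is unencrypted unless repo1-cipher-type is set.
check_pgbackrest() {
  cipher=$(sed -n 's/^repo1-cipher-type[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
  if [ -z "$cipher" ] || [ "$cipher" = "none" ]; then
    echo "BACKUP_REPO_UNENCRYPTED $1"
  fi
}

# Demo on constructed files shaped like the ones the article creates.
demo() {
  d=$(mktemp -d)
  printf '[FEP-Patches]\nbaseurl=https://user:secret@repo.example.invalid/15/RHEL8/\ngpgcheck=0\n' > "$d/fep-patches.repo"
  printf '# constructed sample\nlocal all all trust\nhost all all 127.0.0.1/32 scram-sha-256\n' > "$d/pg_hba.conf"
  printf '[global]\nrepo1-path=/backup/pgbackrest\nrepo1-retention-full=2\n' > "$d/pgbackrest.conf"
  echo '-- constructed dump' > "$d/bkp_dumpall_fep_prod.sql"
  chmod 644 "$d/fep-patches.repo"
  chmod 664 "$d/bkp_dumpall_fep_prod.sql"
  check_repo "$d/fep-patches.repo"
  check_dump "$d/bkp_dumpall_fep_prod.sql"
  check_hba "$d/pg_hba.conf"
  check_pgbackrest "$d/pgbackrest.conf"
  rm -rf "$d"
}
demo
```

On the patched host, call the check functions on /etc/yum.repos.d/fep-patches.repo, /backup/bkp_dumpall_fep_prod.sql, /database/inst1/pg_hba.conf and /etc/pgbackrest.conf. pgBackRest repository encryption has to be configured before stanza-create, because the cipher settings cannot be changed once the stanza exists.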
Where to obtain more information
For full details on policy-based login security, check the Operation Guide > Policy-based login security
For an example on how to configure policy-based login security, check our Quick Start Guide entry How to configure Policy-Based Login
For details on pgBackRest, check their User Guide