gitlab—2FA双因子认证登录配置
一、2FA配置
Two-Factor Authentication(2FA),一般称双因素认证
1)gitlab配置
2)手机端下载Authenticator
添加账户==>其他账户==>扫描二维码
3)gitlab填入pin code
4)重新登录测试
可以填入pin code或者recovery code(当无法获取pin code时)
参考文档:
https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html
https://www.cnblogs.com/wangxu01/articles/11057507.html
二、2FA禁用
2.1、思路分析
进入postgresql数据库,修改user表,将otp_required_for_login 、 require_two_factor_authentication_from_group 这两个字段,都改为false(数据库中用f表示)
2.2、操作步骤
由于我的gitlab使用docker容器起的,需要进入容器中
1)进入docker容器
[root@git ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3694c2292ed0 gitlab/gitlab-ce "/assets/wrapper" 42 hours ago Up About an hour (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:222->22/tcp gitlab [root@git ~]# docker exec -it gitlab /bin/sh #
2)查看/etc/passwd,发现gitlab-psql用户是可以登录的
[root@git ~]# docker exec -it gitlab /bin/sh # cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false _apt:x:104:65534::/nonexistent:/bin/false sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin git:x:998:998::/var/opt/gitlab:/bin/sh gitlab-www:x:999:999::/var/opt/gitlab/nginx:/bin/false gitlab-redis:x:997:997::/var/opt/gitlab/redis:/bin/false gitlab-psql:x:996:996::/var/opt/gitlab/postgresql:/bin/sh mattermost:x:994:994::/var/opt/gitlab/mattermost:/bin/sh registry:x:993:993::/var/opt/gitlab/registry:/bin/sh gitlab-prometheus:x:992:992::/var/opt/gitlab/prometheus:/bin/sh gitlab-consul:x:991:991::/var/opt/gitlab/consul:/bin/sh
3)查看数据库配置信息
# cat /var/opt/gitlab/gitlab-rails/etc/database.yml # This file is managed by gitlab-ctl. Manual changes will be # erased! To change the contents below, edit /etc/gitlab/gitlab.rb # and run `sudo gitlab-ctl reconfigure`. production: adapter: postgresql encoding: unicode collation: database: gitlabhq_production #要登录的数据库 pool: 1 username: "gitlab" password: host: "/var/opt/gitlab/postgresql" #登录主机 port: 5432 socket: sslmode: sslcompression: 0 sslrootcert: sslca: load_balancing: {"hosts":[]} prepared_statements: false statements_limit: 1000 fdw: #
4)根据上面的配置信息登陆postgresql数据库
# su - gitlab-psql $
5)连接到gitlabhq_production库
$ psql -h /var/opt/gitlab/postgresql -d gitlabhq_production psql (10.9) Type "help" for help. gitlabhq_production=#
6)操作数据库
查看数据库:
查看多表:
查看users表:
gitlabhq_production=# \d users
查看users表中用户的关键信息,取4个字段:
gitlabhq_production=# SELECT name,username,otp_required_for_login,two_factor_grace_period, require_two_factor_authentication_from_group FROM users;
修改字段:
gitlabhq_production=# UPDATE users set otp_required_for_login = 'f' WHERE username = 'root'; UPDATE 1
7)\q退出数据库,重新登录gitlab,就没要求2FA认证
参考文档:
作者:Lawrence
-------------------------------------------
个性签名:独学而无友,则孤陋而寡闻。做一个灵魂有趣的人!
扫描上面二维码关注我
如果你真心觉得文章写得不错,而且对你有所帮助,那就不妨帮忙“推荐"一下,您的“推荐”和”打赏“将是我最大的写作动力!
本文版权归作者所有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接.