Grafana security concerns with user old password being reusable

Grafana is allowing individuals to reuse previous passwords, and it’s a huge security problem. Please, how can I configure Grafana to prevent users from reusing their old passwords?

I tried doing the following below but it didn’t work!

  1. Open the grafana.ini configuration file using a text editor. The default location is often /etc/grafana/grafana.ini.
  2. Locate the [security] section in the configuration file. If it doesn’t exist, you can add it at the end of the file.
  3. Add or modify the following line within the [security] section to specify the number of previous passwords to remember:
[security]
password_history = 5

So in this example, I set password_history to 5, meaning Grafana will remember the five most recent passwords for each user. That was the idea, but it didn’t work as expected.

So please, if anyone has this same issue or has had it in the past and resolved it, please share with me. Thanks.

Did ChatGPT provide you info about password_history config?
Because I’m not able to find any record about password_history in official Grafana doc or in the source code.

So actually I found that on Google and I tried implementing it, but it didn’t work, and I was wondering if anyone has the same issue and found a working solution to it … it should not be the same as the Google example I tried to use!

My Google didn’t find it:

Anyway,

[security]
password_history = 5

is not valid Grafana configuration, so it won’t be working.

Use SSO (OAuth, SAML) for Grafana authentication with your favorite Identity Provider, where you can enforce all security features, which it offers (MFA, password complexity/expiration/history, …).

1 Like
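A way to catch a setting like this before relying on it, as an added example that is not part of the original thread or Grafana's own tooling: compare the keys set in grafana.ini against the defaults.ini shipped with the installed Grafana version and list any that the reference file does not define. The two embedded files are constructed samples, the function names and the `__root__` section label are hypothetical, and it is an assumption that every supported key appears in defaults.ini (dynamically named sections would need an allow-list).

```python
import configparser

# Constructed excerpt standing in for the shipped defaults.ini
# (assumption: only a few real keys are reproduced here).
DEFAULTS_INI = """
[security]
admin_user = admin
secret_key = placeholder
cookie_secure = false
cookie_samesite = lax

[auth]
disable_login_form = false
"""

# Constructed grafana.ini containing the setting tried in the thread.
CUSTOM_INI = """
[security]
cookie_secure = true
password_history = 5
"""

def _load(text):
    # Grafana ini files may set keys before the first [section]; configparser
    # rejects that, so park them under a hypothetical "__root__" section.
    # interpolation=None keeps '%' in values literal.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True)
    parser.read_string("[__root__]\n" + text)
    return parser

def unknown_settings(custom_text, defaults_text):
    """Return sorted (section, key) pairs set in custom_text but not defined in defaults_text."""
    custom, defaults = _load(custom_text), _load(defaults_text)
    unknown = []
    for section in custom.sections():
        for key in custom[section]:
            if not defaults.has_option(section, key):
                unknown.append((section, key))
    return sorted(unknown)

if __name__ == "__main__":
    for section, key in unknown_settings(CUSTOM_INI, DEFAULTS_INI):
        print(f"[{section}] {key}: not in reference defaults, likely ignored")
```

On real files, read both paths into strings and pass them in; a key reported here is one to verify against the official documentation before assuming it enforces anything.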

Yeah, I was thinking about that, but I thought there was another way rather than going through that complex route. Thanks very much, I do appreciate it.

Yes, I now remember, I think I used A.I. to get that password_history config stuff … that’s probably why you couldn’t get it on Google … thanks once again for your input.

Don’t use AI - or at least don’t use AI which hallucinates. I recommend Grot for Grafana-related issues:

Yeah, I already had the LDAP setup for our internal users on Grafana but wanted something less complicated for external tenant users, but since Grafana does not have the built-in capability to restrict previous password usability, will use LDAP as well … thanks again, and yeah, will not use crazy A.I.s, just didn’t find anything in the Grafana docs and on Google, so my last resort was trying A.I. Thanks once again.