Re: Pasword expiration warning
Andrew Dunstan <andrew@dunslane.net>
From: Andrew Dunstan <andrew@dunslane.net>
To: "Bossart, Nathan" <bossartn@amazon.com>, Gilles Darold
<gilles@migops.com>, Tom Lane <tgl@sss.pgh.pa.us>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2021-11-20T13:48:35Z
Lists: pgsql-hackers
On 11/19/21 19:17, Bossart, Nathan wrote: > On 11/19/21, 7:56 AM, "Tom Lane" <tgl@sss.pgh.pa.us> wrote: >> That leads me to wonder about server-side solutions. It's easy >> enough for the server to see that it's used a password with an >> expiration N days away, but how could that be reported to the >> client? The only idea that comes to mind that doesn't seem like >> a protocol break is to issue a NOTICE message, which doesn't >> seem like it squares with your desire to only do this interactively. >> (Although I'm not sure I believe that's a great idea. If your >> application breaks at 2AM because its password expired, you >> won't be any happier than if your interactive sessions start to >> fail. Maybe a message that would leave a trail in the server log >> would be best after all.) > I bet it's possible to use the ClientAuthentication_hook for this. In > any case, I agree that it probably belongs server-side so that other > clients can benefit from this. > +1 for a server side solution. The people most likely to benefit from this are the people least likely to be using psql IMNSHO. cheers andrew -- Andrew Dunstan EDB: https://www.enterprisedb.com
Commits
-
Add password expiration warnings.
- 1d92e0c2cc47 19 (unreleased) landed