Re: Pasword expiration warning

Gilles Darold <gilles@migops.com>

From: Gilles Darold <gilles@migops.com>
To: Andrew Dunstan <andrew@dunslane.net>, "Bossart, Nathan" <bossartn@amazon.com>, Gilles Darold <gilles@migops.com>, Tom Lane <tgl@sss.pgh.pa.us>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2021-11-21T09:49:57Z
Lists: pgsql-hackers
Le 20/11/2021 à 14:48, Andrew Dunstan a écrit :
> On 11/19/21 19:17, Bossart, Nathan wrote:
>> On 11/19/21, 7:56 AM, "Tom Lane" <tgl@sss.pgh.pa.us> wrote:
>>> That leads me to wonder about server-side solutions.  It's easy
>>> enough for the server to see that it's used a password with an
>>> expiration N days away, but how could that be reported to the
>>> client?  The only idea that comes to mind that doesn't seem like
>>> a protocol break is to issue a NOTICE message, which doesn't
>>> seem like it squares with your desire to only do this interactively.
>>> (Although I'm not sure I believe that's a great idea.  If your
>>> application breaks at 2AM because its password expired, you
>>> won't be any happier than if your interactive sessions start to
>>> fail.  Maybe a message that would leave a trail in the server log
>>> would be best after all.)
>> I bet it's possible to use the ClientAuthentication_hook for this.  In
>> any case, I agree that it probably belongs server-side so that other
>> clients can benefit from this.
>>
> +1 for a server side solution. The people most likely to benefit from
> this are the people least likely to be using psql IMNSHO.


Ok, I can try to implement something at server side using a NOTICE message.


-- 
Gilles Darold




Commits

  1. Add password expiration warnings.