Re: Can we lock or expire a ROLE / USER
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: "Subramanian,Ramachandran" <ramachandran.subramanian@alte-leipziger.de>,
"pgsql-novice@lists.postgresql.org" <pgsql-novice@lists.postgresql.org>
Date: 2025-09-19T15:55:16Z
Lists: pgsql-novice
On Fri, 2025-09-19 at 08:32 +0000, Subramanian,Ramachandran wrote: > Absolute novice in Postgresql, coming from the Mainframe world. Kindly forgive my ignorance. > > Is it possible to LOCK or DEACTIVATE or EXPIRE a USER ( ROLE with LOGIN ) after > > 1. A set period of inactivity > 2. 5 Wrong password attempts > > I searched through the manals and did not find any mention of such a facility. PostgreSQL doesn't offer support for these functionalities. It also does not allow you to enforce password complexity rules. > If it is not possible at the database level, can this be implemented in any other way? The way to do that is to authenticat database users using a central identity management system like Kerberos. See the documentation for a list of supported authentication methods: https://www.postgresql.org/docs/current/client-authentication.html Yours, Laurenz Albe