Re: Can we lock or expire a ROLE / USER

Laurenz Albe <laurenz.albe@cybertec.at>

From: Laurenz Albe <laurenz.albe@cybertec.at>
To: "Subramanian,Ramachandran" <ramachandran.subramanian@alte-leipziger.de>, "pgsql-novice@lists.postgresql.org" <pgsql-novice@lists.postgresql.org>
Date: 2025-09-19T15:55:16Z
Lists: pgsql-novice
On Fri, 2025-09-19 at 08:32 +0000, Subramanian,Ramachandran wrote:
>    Absolute novice in Postgresql, coming from the Mainframe world.  Kindly forgive my ignorance.
>  
> Is it possible to LOCK or DEACTIVATE or EXPIRE a USER ( ROLE with LOGIN ) after
>  
>    1. A set period of inactivity
>    2. 5 Wrong password attempts
>  
> I searched through the manals and did not find any mention of such a facility.

PostgreSQL doesn't offer support for these functionalities.
It also does not allow you to enforce password complexity rules.

> If it is not possible at the database level, can this be implemented in any other way?

The way to do that is to authenticat database users using a central identity
management system like Kerberos.  See the documentation for a list of supported
authentication methods:
https://www.postgresql.org/docs/current/client-authentication.html

Yours,
Laurenz Albe