Re: Pasword expiration warning

Steven Niu <niushiji@gmail.com>

From: Steven Niu <niushiji@gmail.com>
To: Japin Li <japinli@hotmail.com>, Yuefei Shi <shiyuefei1004@gmail.com>
Cc: Gilles Darold <gilles@darold.net>, songjinzhou <tsinghualucky912@foxmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Andrew Dunstan <andrew@dunslane.net>, "Bossart, Nathan" <bossartn@amazon.com>, Tom Lane <tgl@sss.pgh.pa.us>, liu xiaohui <liuxh.zj.cn@gmail.com>
Date: 2026-01-09T07:36:59Z
Lists: pgsql-hackers
From: Japin Li <japinli@hotmail.com>
Sent: Friday, January 09, 2026 15:12
To: Yuefei Shi <shiyuefei1004@gmail.com>
Cc: Gilles Darold <gilles@darold.net>; songjinzhou <tsinghualucky912@foxmail.com>; PostgreSQL Hackers <pgsql-hackers@postgresql.org>; Andrew Dunstan <andrew@dunslane.net>; Bossart, Nathan <bossartn@amazon.com>; Tom Lane <tgl@sss.pgh.pa.us>; liu xiaohui <liuxh.zj.cn@gmail.com>
Subject: Re: Pasword expiration warning


On Fri, 09 Jan 2026 at 14:10, Yuefei Shi <shiyuefei1004@gmail.com> wrote:
> A few review comments for V8.
>
> ===
> 1.
> +             if (password_expire_warning > 0 && vuntil < PG_INT64_MAX)
> +             {
> +                     TimestampTz result = (vuntil - now) / USECS_PER_SEC; /* in seconds */
> +
> +                     if (result <= (TimestampTz) password_expire_warning)
> +                             MyClientConnectionInfo.warning_message =
> +                                             psprintf("your password will expire in %d day(s)", (int) (result / 86400));
> +             }
> Please consider localization of the warning message.
>
> 2. typo fix
> a. `Controls how many time ...` should be `Controls how much time ...`.
> b. `Sets how many time before password expire to emit ...` should be `Sets how much time before password expires to emit ...`


Nice catch. Updated in v9.  Please take to look.

I've also replaced the magic constant 86400 with the SECS_PER_DAY macro and
enclosed the statement in braces since it now spans multiple lines.

-- 
Regards,
Japin Li
ChengDu WenWu Information Technology Co., Ltd.



________________________________________

Hi, Jiapin, 

I reviewed the v9-0002-Add-TAP-test-for-password_expire_warning.patch 
and here are my comments:

1. I think we should add tow more cases. One case is for the feature is disbaled. And another is for no warning when >1d remaining. 
2. The modification to pg_hba.conf is unnecessary as the default pg_hba.conf generated by initdb already allows local connections with appropriate methods.
    unlink($node->data_dir . '/pg_hba.conf');
    $node->append_conf('pg_hba.conf', "local all all scram-sha-256");
3. Make the expected string to be more exact. 
qr/your password will expire in/);
-->
qr/your password will expire in 1d/);

Thanks,
Steven


Commits

  1. Add password expiration warnings.