Re: Pasword expiration warning
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Gilles Darold <gilles@darold.net>
Cc: Zsolt Parragi <zsolt.parragi@percona.com>, Japin Li <japinli@hotmail.com>, Yuefei Shi <shiyuefei1004@gmail.com>, songjinzhou <tsinghualucky912@foxmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Andrew Dunstan <andrew@dunslane.net>, Tom Lane <tgl@sss.pgh.pa.us>, liu xiaohui <liuxh.zj.cn@gmail.com>, Steven Niu <niushiji@gmail.com>
Date: 2026-02-02T17:04:03Z
Lists: pgsql-hackers
Attachments
- v13-0001-Add-password-expiration-warnings.patch (text/plain)
On Fri, Jan 30, 2026 at 12:33:54PM +0100, Gilles Darold wrote: > Here a new v12 version of the patch. Changes are the following: Thanks. I spent some time preparing this for commit, and I came up with the attached. Notable changes include: * Renamed the parameter to password_expiration_warning_threshold. It's a mouthful, but I thought it was more descriptive. * Changed the units for the parameter to minutes. I can't imagine anyone needs more granularity than hours or days, let alone seconds, so IMO minutes is a good middle ground. * I added a new "connection warnings" infrastructure that we can reuse if/when we want to emit warnings for MD5 passwords. * Moved the warning messages to Port. ClientConnectionInfo appears to be meant only for parallel workers, and I don't think we will ever want to emit connection warnings there. * Moved the tests into 001_password.pl. I'm a bit concerned about these tests being flaky, but I've tried setting the VALID UNTIL dates to make spurious failures virtually impossible. WDYT? -- nathan
Commits
-
Add password expiration warnings.
- 1d92e0c2cc47 19 (unreleased) landed