Re: Pasword expiration warning

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: Gilles Darold <gilles@darold.net>
Cc: Zsolt Parragi <zsolt.parragi@percona.com>, Japin Li <japinli@hotmail.com>, Yuefei Shi <shiyuefei1004@gmail.com>, songjinzhou <tsinghualucky912@foxmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Andrew Dunstan <andrew@dunslane.net>, Tom Lane <tgl@sss.pgh.pa.us>, liu xiaohui <liuxh.zj.cn@gmail.com>, Steven Niu <niushiji@gmail.com>
Date: 2026-02-02T17:04:03Z
Lists: pgsql-hackers

Attachments

On Fri, Jan 30, 2026 at 12:33:54PM +0100, Gilles Darold wrote:
> Here a new v12 version of the patch. Changes are the following:

Thanks.  I spent some time preparing this for commit, and I came up with
the attached.  Notable changes include:

* Renamed the parameter to password_expiration_warning_threshold.  It's a
mouthful, but I thought it was more descriptive.

* Changed the units for the parameter to minutes.  I can't imagine anyone
needs more granularity than hours or days, let alone seconds, so IMO
minutes is a good middle ground.

* I added a new "connection warnings" infrastructure that we can reuse
if/when we want to emit warnings for MD5 passwords.

* Moved the warning messages to Port.  ClientConnectionInfo appears to be
meant only for parallel workers, and I don't think we will ever want to
emit connection warnings there.

* Moved the tests into 001_password.pl.  I'm a bit concerned about these
tests being flaky, but I've tried setting the VALID UNTIL dates to make
spurious failures virtually impossible.

WDYT?

-- 
nathan

Commits

  1. Add password expiration warnings.