Re: Pasword expiration warning
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Gilles Darold <gilles@darold.net>
Cc: Zsolt Parragi <zsolt.parragi@percona.com>, Japin Li <japinli@hotmail.com>, Yuefei Shi <shiyuefei1004@gmail.com>, songjinzhou <tsinghualucky912@foxmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Andrew Dunstan <andrew@dunslane.net>, Tom Lane <tgl@sss.pgh.pa.us>, liu xiaohui <liuxh.zj.cn@gmail.com>, Steven Niu <niushiji@gmail.com>
Date: 2026-02-03T15:28:49Z
Lists: pgsql-hackers
Attachments
- v15-0001-Add-password-expiration-warnings.patch (text/plain)
On Mon, Feb 02, 2026 at 02:31:02PM -0600, Nathan Bossart wrote: > Here is an updated patch with the units set to seconds. There are two main > things on my mind: > > * The placement of the WARNING. Right now, I have it placed at the end of > InitPostgres(). There are various other ways to get a WARNING during this > function, so I think it's technically okay, but perhaps it makes more sense > to put it at the end of ClientAuthentication() or something. But the risk > there is that something between the call to ClientAuthentication() and the > end of InitPostgres() could ERROR/FATAL, in which case our new WARNING > might be giving away more information than necessary. So, I guess I lean > towards keeping it where it is now, but I would be interested to hear other > opinions on the matter. > > * Whether we should emit the warnings for special client backends. > Specifically, I think the current patch will send warnings to logical > replication connections, but not physical replication connections. My > current feeling is that we should send warnings to any backend that uses a > password to authenticate, i.e., add a call to EmitConnectionWarnings() at > the end of the "am_walsender && !am_db_walsender" block. Thoughts? Are > there any other backend types I'm forgetting that would be relevant here? Hearing nothing, I've updated the patch to send warnings to all backends that use a password to authenticate. -- nathan
Commits
-
Add password expiration warnings.
- 1d92e0c2cc47 19 (unreleased) landed