Pasword expiration warning - Mailing list pgsql-hackers

From Gilles Darold
Subject Pasword expiration warning
Date
Msg-id 129bcfbf-47a6-e58a-190a-62fc21a17d03@migops.com
Whole thread Raw
Responses Re: Pasword expiration warning
Re: Pasword expiration warning
List pgsql-hackers

Hi all,


Now that the security policy is getting stronger, it is not uncommon to create users with a password expiration date (VALID UNTIL). The problem is that the user is only aware that his password has expired when he can no longer log in unless the application with which he is connecting notifies him beforehand.


I'm wondering if we might be interested in having this feature in psql? For example for a user whose password expires in 3 days:

gilles=# CREATE ROLE foo LOGIN PASSWORD 'foo' VALID UNTIL '2021-11-22';
CREATE ROLE
gilles=# \c - foo
Password for user foo:
psql (15devel, server 14.1 (Ubuntu 14.1-2.pgdg20.04+1))
** Warning: your password expires in 3 days **
You are now connected to database "gilles" as user "foo".


My idea is to add a psql variable that can be defined in psqlrc to specify the number of days before the user password expires to start printing a warning. The warning message is only diplayed in interactive mode Example:

$ cat /etc/postgresql-common/psqlrc
\set PASSWORD_EXPIRE_WARNING 7

Default value is 0 like today no warning at all.


Of course any other client application have to write his own beforehand expiration notice but with psql we don't have it for the moment. If there is interest for this psql feature I can post the patch.

-- 
Gilles Darold

pgsql-hackers by date:

Previous
From: Masahiko Sawada
Date:
Subject: Re: Failed transaction statistics to measure the logical replication progress
Next
From: Tom Lane
Date:
Subject: Re: dfmgr additional ABI version fields