Re: [PoC/RFC] Multiple passwords, interval expirations - Mailing list pgsql-hackers

From Jeff Davis
Subject Re: [PoC/RFC] Multiple passwords, interval expirations
Date
Msg-id 3ba7717e5493f3c3b45127457f540b7811f6f6e1.camel@j-davis.com
Whole thread Raw
In response to Re: [PoC/RFC] Multiple passwords, interval expirations  (Gurjeet Singh <gurjeet@singh.im>)
Responses Re: [PoC/RFC] Multiple passwords, interval expirations
List pgsql-hackers
On Thu, 2023-10-05 at 14:28 -0700, Gurjeet Singh wrote:

> This way there's a notion of a 'new' and 'old' passwords.

IIUC, you are proposing that there are exactly two slots, NEW and OLD.
When adding a password, OLD must be unset and it moves NEW to OLD, and
adds the new password in NEW. DROP only works on OLD. Is that right?

It's close to the idea of deprecation, except that adding a new
password implicitly deprecates the existing one. I'm not sure about
that -- it could be confusing.

We could also try using a verb like "expire" that could be coupled with
a date, and that way all old passwords would always have some validity
period. That might make it a bit easier to manage if we do need more
than two passwords.

Regards,
    Jeff Davis




pgsql-hackers by date:

Previous
From: Laurenz Albe
Date:
Subject: Re: Restoring default privileges on objects
Next
From: Laurenz Albe
Date:
Subject: Re: Fix output of zero privileges in psql