Re: Pasword expiration warning - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: Pasword expiration warning
Date
Msg-id 3ea14054-af0c-3f21-0ced-04c896438bdc@dunslane.net
Whole thread Raw
In response to Re: Pasword expiration warning  ("Bossart, Nathan" <bossartn@amazon.com>)
Responses Re: Pasword expiration warning
List pgsql-hackers
On 11/19/21 19:17, Bossart, Nathan wrote:
> On 11/19/21, 7:56 AM, "Tom Lane" <tgl@sss.pgh.pa.us> wrote:
>> That leads me to wonder about server-side solutions.  It's easy
>> enough for the server to see that it's used a password with an
>> expiration N days away, but how could that be reported to the
>> client?  The only idea that comes to mind that doesn't seem like
>> a protocol break is to issue a NOTICE message, which doesn't
>> seem like it squares with your desire to only do this interactively.
>> (Although I'm not sure I believe that's a great idea.  If your
>> application breaks at 2AM because its password expired, you
>> won't be any happier than if your interactive sessions start to
>> fail.  Maybe a message that would leave a trail in the server log
>> would be best after all.)
> I bet it's possible to use the ClientAuthentication_hook for this.  In
> any case, I agree that it probably belongs server-side so that other
> clients can benefit from this.
>

+1 for a server side solution. The people most likely to benefit from
this are the people least likely to be using psql IMNSHO.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com




pgsql-hackers by date:

Previous
From: Amit Kapila
Date:
Subject: Re: pg_get_publication_tables() output duplicate relid
Next
From: Andrew Dunstan
Date:
Subject: Re: Should rename "startup process" to something else?