https://github.com/pgaudit/pgaudit might help. It's packed for install by the Postgres team, (Of course, it's too late for existing accounts.)
On 5/9/19 4:11 PM, Kumar, Virendra wrote:
Thanks Chris!
Since PostgreSQL still have to have those accounts even if we authenticate it externally we have to get at least the user creation date from the instance as that information might be different in instance vs external utility. Is there a possibility we can get it.
Most of our accounts are AD authenticated however we have some like (postgres – superuser!) which is local or peer authenticated we want to control that as well and hence the requirement.
Regards,
Virendra
From: Christopher Browne [mailto:cbbrowne@gmail.com]
Sent: Thursday, May 09, 2019 5:04 PM
To: Kumar, Virendra
Cc: pgsql-general@lists.postgresql.org
Subject: Re: User Details for PostgreSQL
Hello Team,
We are looking for some audit information about user creation. We need a few audit fields which we did not find in PostgreSQL. I would be happy if someone help us in finding these details. Besically we need information about:
1. User creation date
2. Last Password change date
Do we have a way to get these values or can somebody guide us how we can store and get these values while creating user.
Regards,
Virendra
Since there is a diversity of ways of managing this information, including outside the database, there is no way to assert a true-in-general mechanism for this.
Indeed, if you are interested in managing such information particularly carefully, you may wish to use mechanisms such as PAM, Kerberos, LDAP, GSSAPI for this, in which case PostgreSQL may have no responsibility in the matter of managing passwords. It is quite likely a good idea to use something like Kerberos if you have the concerns that you describe, and if so, the audit information you want would be collected from Kerberos, not PostgreSQL
--
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
This message is intended only for the use of the addressee and may contain
information that is PRIVILEGED AND CONFIDENTIAL.
If you are not the intended recipient, you are hereby notified that any
dissemination of this communication is strictly prohibited. If you have
received this communication in error, please erase all copies of the message
and its attachments and notify the sender immediately. Thank you.
--
Angular momentum makes the world go 'round.
