Re: [PoC/RFC] Multiple passwords, interval expirations - Mailing list pgsql-hackers

From Gurjeet Singh
Subject Re: [PoC/RFC] Multiple passwords, interval expirations
Date
Msg-id CABwTF4VVYPja=f-jR8tRuNUo0Sr8eHSYQQWSBC3g7j3K2aYSbQ@mail.gmail.com
Whole thread Raw
In response to Re: [PoC/RFC] Multiple passwords, interval expirations  (Gurjeet Singh <gurjeet@singh.im>)
Responses Re: [PoC/RFC] Multiple passwords, interval expirations
List pgsql-hackers
On Mon, Oct 9, 2023 at 2:31 AM Gurjeet Singh <gurjeet@singh.im> wrote:
>
> Next steps:
> - Break the patch into a series of smaller patches.

Please see attached the same v3 patch, but now split into 3 separate
patches. Each patch in the series depends on the previous patch to
have been applied. I have made sure that each patch passes `make
check` individually.

First patch adds the two new columns, rolsecondpassword and
rolsecondvaliduntil to the pg_authid shared catalog. This patch also
updates the corresponding pg_authid.dat file to set these values to
null for the rows populated during bootstrap. Finally, it adds code to
CreateRole() to set these columns' values to NULL for a role being
created.

The second patch updates the password extraction, verification
functions as well as authentication functions to honor the second
password, if any. There is more detailed description in the commit
message/body of the patch.

The third patch adds the SQL support to the ALTER ROLE command which
allows manipulation of both, the rolpassword and rolsecondpassword,
columns and their respective expiration timestamps,
rol[second]validuntil. This patch also adds regression tests for the
new SQL command, demonstrating the use of the new grammar.

v3-0001-Add-new-columns-to-pg_authid.patch
v3-0002-Update-password-verification-infrastructure-to-ha.patch
v3-0003-Added-SQL-support-for-ALTER-ROLE-to-manage-two-pa.patch



Best regards,
Gurjeet
http://Gurje.et

Attachment

pgsql-hackers by date:

Previous
From: Nathan Bossart
Date:
Subject: Re: should frontend tools use syncfs() ?
Next
From: Robert Haas
Date:
Subject: Re: New WAL record to detect the checkpoint redo location