Victor Yegorov wrote: > 2013/3/8 Albe Laurenz <laurenz.albe@wien.gv.at> >> This way you can also force a certain password expiry date >> (PostgreSQL does not have a password life time). > > What bout ALTER ROLE ... VALID UNTIL 'timestamp' ?
That's the password expiry date.
Oracle's concept is different: it sets a limit on the time between password changes. There is no such thing in PostgreSQL.
BTW, your suggestion to use a function here is exactly what we do in LedgerSMB. Password expiration is forced to be now() + an interval specified in a configuration table.
It would be nice to be able to do handling of failed login attempts but currently I don;t think that's possible from within PostgreSQL (i.e. without external auth).