Home > mailing lists

Re: [PoC/RFC] Multiple passwords, interval expirations - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: [PoC/RFC] Multiple passwords, interval expirations
Date	October 6, 2023 23:46:01
Msg-id	ZSByCfdd4GJrqGYu@momjian.us Whole thread Raw
In response to	Re: [PoC/RFC] Multiple passwords, interval expirations (Jeff Davis <pgsql@j-davis.com>)
Responses	Re: [PoC/RFC] Multiple passwords, interval expirations
List	pgsql-hackers

Tree view

On Fri, Oct  6, 2023 at 01:20:03PM -0700, Jeff Davis wrote:
> The basic problem, as I see it, is: how do we keep users from
> accidentally dropping the wrong password? Generated unique names or

I thought we could auto-remove old password if the valid-until date is
in the past.  You would need a separate ALTER command to sets its date
in the past without that.  Also, defining a new password could require
setting the expiration date of the old password to make future additions
easier.

For pg_authid, I was thinking of columns:

    ADD    rolpassword_old
    ADD    rolvaliduntil_old
    EXISTS    rolpassword
    EXISTS    rolvaliduntil

I did blog about the password rotation problem and suggested
certificates:

    https://momjian.us/main/blogs/pgblog/2020.html#July_17_2020

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.

pgsql-hackers by date:

From: Laurenz Albe
Date: 06 October 2023, 23:32:41
Subject: Re: Fix output of zero privileges in psql

From: Bruce Momjian
Date: 07 October 2023, 00:00:54
Subject: Re: Problem, partition pruning for prepared statement with IS NULL clause.

Re: [PoC/RFC] Multiple passwords, interval expirations - Mailing list pgsql-hackers

Previous

Next