From: | Michael Banck <michael(dot)banck(at)credativ(dot)de> |
---|---|
To: | Postgres hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Record last password change |
Date: | 2018-12-11 10:33:51 |
Message-ID: | 1544524431.30106.3.camel@credativ.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hello,
a customer recently mentioned that they'd like to be able to see when a
(md5, scram) role had their password last changed.
Use-cases for this would be issueing an initial password and then later
making sure it got changed, or auditing that all passwords get changed
once a year. You can do that via external authentication methods like
ldap/gss-api/pam but in some setups those might not be available to the
DBAs.
I guess it would amount to adding a column like rolpasswordchanged to
pg_authid and updating it when rolpassword changes, but maybe there is a
better way?
The same was requested in https://dba.stackexchange.com/questions/91252/
how-to-know-when-postgresql-password-is-changed so I was wondering
whether this would be a welcome change/addition, or whether people think
it's not worth bothering to implement it?
Thoughts?
Michael
--
Michael Banck
Projektleiter / Senior Berater
Tel.: +49 2166 9901-171
Fax: +49 2166 9901-100
Email: michael(dot)banck(at)credativ(dot)de
credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer
Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz
From | Date | Subject | |
---|---|---|---|
Next Message | Gavin Flower | 2018-12-11 10:45:29 | Re: Record last password change |
Previous Message | Sergei Kornilov | 2018-12-11 10:16:23 | Re: allow online change primary_conninfo |