| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Venkat jumbo <venkatpostgresql(at)gmail(dot)com> |
| Cc: | "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Change password |
| Date: | 2020-02-26 06:16:02 |
| Message-ID: | 17319.1582697762@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Venkat jumbo <venkatpostgresql(at)gmail(dot)com> writes:
> Can we force the user to changepassword every month /days. (passwordexpired
> )
> Do we have this option in postgres-10 ?
Postgres doesn't do that directly, though there is a provision for
setting an expiration date on a password. If you want rules like
that, you might look at using PAM auth and then coding the rules
with PAM modules.
FWIW, forced password changes are widely considered to be poor
security practice these days. Before you bull ahead with this,
you might read a few experts, for example
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
https://www.sans.org/security-awareness-training/blog/time-password-expiration-die
https://www.extremetech.com/computing/292534-microsoft-says-forced-password-resets-dont-improve-security
https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Bartley | 2020-02-26 06:38:48 | |
| Previous Message | Venkat jumbo | 2020-02-26 01:33:22 | Change password |