| From: | "Bossart, Nathan" <bossartn(at)amazon(dot)com> |
|---|---|
| To: | Gilles Darold <gilles(at)migops(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Pasword expiration warning |
| Date: | 2021-11-20 00:17:53 |
| Message-ID: | C7B3C461-2A44-4A73-B71F-933AD2DC3C6A@amazon.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 11/19/21, 7:56 AM, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> That leads me to wonder about server-side solutions. It's easy
> enough for the server to see that it's used a password with an
> expiration N days away, but how could that be reported to the
> client? The only idea that comes to mind that doesn't seem like
> a protocol break is to issue a NOTICE message, which doesn't
> seem like it squares with your desire to only do this interactively.
> (Although I'm not sure I believe that's a great idea. If your
> application breaks at 2AM because its password expired, you
> won't be any happier than if your interactive sessions start to
> fail. Maybe a message that would leave a trail in the server log
> would be best after all.)
I bet it's possible to use the ClientAuthentication_hook for this. In
any case, I agree that it probably belongs server-side so that other
clients can benefit from this.
Nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bossart, Nathan | 2021-11-20 00:29:51 | Re: logical decoding/replication: new functions pg_ls_logicaldir and pg_ls_replslotdir |
| Previous Message | Bossart, Nathan | 2021-11-19 23:45:40 | Re: Should rename "startup process" to something else? |