Re: Pasword expiration warning

On Fri, 19 Nov 2021 at 20:19, Gilles Darold <gilles(at)migops(dot)com> wrote:

> Hi all,
>
>
> Now that the security policy is getting stronger, it is not uncommon to
> create users with a password expiration date (VALID UNTIL). The problem
> is that the user is only aware that his password has expired when he can no
> longer log in unless the application with which he is connecting notifies
> him beforehand.
>
>
> I'm wondering if we might be interested in having this feature in psql? For
> example for a user whose password expires in 3 days:
>
> gilles=# CREATE ROLE foo LOGIN PASSWORD 'foo' VALID UNTIL '2021-11-22';
> CREATE ROLE
> gilles=# \c - foo
> Password for user foo:
> psql (15devel, server 14.1 (Ubuntu 14.1-2.pgdg20.04+1))
> ** Warning: your password expires in 3 days **
> You are now connected to database "gilles" as user "foo".
>
>
> My idea is to add a psql variable that can be defined in psqlrc to specify
> the number of days before the user password expires to start printing a
> warning. The warning message is only diplayed in interactive mode Example:
>
> $ cat /etc/postgresql-common/psqlrc
> \set PASSWORD_EXPIRE_WARNING 7
>
> +1

It is useful to notify the users about their near account expiration,
and we are doing that at client level.

Default value is 0 like today no warning at all.
>
>
> Of course any other client application have to write his own beforehand expiration
> notice but with psql we don't have it for the moment. If there is interest
> for this psql feature I can post the patch.
>
> --
> Gilles Darold
>
>