| From: | Nathan Bossart <nathan(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Add password expiration warnings. |
| Date: | 2026-02-11 16:36:56 |
| Message-ID: | E1vqDCx-000DMY-0k@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Add password expiration warnings.
This commit adds a new parameter called
password_expiration_warning_threshold that controls when the server
begins emitting imminent-password-expiration warnings upon
successful password authentication. By default, this parameter is
set to 7 days, but this functionality can be disabled by setting it
to 0. This patch also introduces a new "connection warning"
infrastructure that can be reused elsewhere. For example, we may
want to warn about the use of MD5 passwords for a couple of
releases before removing MD5 password support.
Author: Gilles Darold <gilles(at)darold(dot)net>
Co-authored-by: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Reviewed-by: Japin Li <japinli(at)hotmail(dot)com>
Reviewed-by: songjinzhou <tsinghualucky912(at)foxmail(dot)com>
Reviewed-by: liu xiaohui <liuxh(dot)zj(dot)cn(at)gmail(dot)com>
Reviewed-by: Yuefei Shi <shiyuefei1004(at)gmail(dot)com>
Reviewed-by: Steven Niu <niushiji(at)gmail(dot)com>
Reviewed-by: Soumya S Murali <soumyamurali(dot)work(at)gmail(dot)com>
Reviewed-by: Euler Taveira <euler(at)eulerto(dot)com>
Reviewed-by: Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com>
Reviewed-by: Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com>
Reviewed-by: Greg Sabino Mullane <htamfids(at)gmail(dot)com>
Reviewed-by: Peter Eisentraut <peter(at)eisentraut(dot)org>
Discussion: https://postgr.es/m/129bcfbf-47a6-e58a-190a-62fc21a17d03%40migops.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/1d92e0c2cc4789255c630d8776bbe85ca9ebc27f
Modified Files
--------------
doc/src/sgml/config.sgml | 22 ++++++++
src/backend/libpq/crypt.c | 73 +++++++++++++++++++++++++--
src/backend/utils/init/postinit.c | 69 +++++++++++++++++++++++++
src/backend/utils/misc/guc_parameters.dat | 10 ++++
src/backend/utils/misc/postgresql.conf.sample | 3 +-
src/include/libpq/crypt.h | 3 ++
src/include/miscadmin.h | 1 +
src/test/authentication/t/001_password.pl | 34 +++++++++++++
8 files changed, 209 insertions(+), 6 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2026-02-11 17:00:27 | pgsql: Fix pg_stat_get_backend_wait_event() for aux processes |
| Previous Message | Tom Lane | 2026-02-11 16:03:31 | pgsql: Further stabilize a postgres_fdw test case. |