Re: [PoC/RFC] Multiple passwords, interval expirations

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Jeff Davis <pgsql(at)j-davis(dot)com>
Cc: Nathan Bossart <nathandbossart(at)gmail(dot)com>, Gurjeet Singh <gurjeet(at)singh(dot)im>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, "Brindle, Joshua" <joshuqbr(at)amazon(dot)com>, Jacob Champion <jchampion(at)timescale(dot)com>
Subject: Re: [PoC/RFC] Multiple passwords, interval expirations
Date: 2023-10-06 20:46:01
Message-ID: ZSByCfdd4GJrqGYu@momjian.us
Lists: pgsql-hackers

On Fri, Oct 6, 2023 at 01:20:03PM -0700, Jeff Davis wrote:
> The basic problem, as I see it, is: how do we keep users from
> accidentally dropping the wrong password? Generated unique names or

I thought we could auto-remove the old password if the valid-until date is
in the past. You would need a separate ALTER command to set its date
in the past without that. Also, defining a new password could require
setting the expiration date of the old password to make future additions
easier.

For pg_authid, I was thinking of columns:

ADD rolpassword_old
ADD rolvaliduntil_old
EXISTS rolpassword
EXISTS rolvaliduntil

I did blog about the password rotation problem and suggested
certificates:

https://momjian.us/main/blogs/pgblog/2020.html#July_17_2020

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Only you can decide what is important to you.
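
A small model of the two-slot scheme sketched in the message above, added here as an illustration; it is not code from the thread or from PostgreSQL. The attribute names mirror the listed columns; the Role class, its methods, the PBKDF2 stand-in for the stored verifier, and the refusal to rotate while the old slot is still occupied are assumptions.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta, timezone

def _verifier(password, salt):
    # Stand-in for a stored verifier (assumption; PostgreSQL stores SCRAM-SHA-256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Role:
    """Hypothetical two-slot role; attributes mirror the proposed columns."""
    def __init__(self):
        self.rolpassword = None        # (salt, verifier) of the current password
        self.rolvaliduntil = None      # None means the current password has no expiry
        self.rolpassword_old = None
        self.rolvaliduntil_old = None

    def _prune(self, now):
        # Auto-remove the old password once its valid-until date is in the past.
        if self.rolpassword_old is not None and now >= self.rolvaliduntil_old:
            self.rolpassword_old = self.rolvaliduntil_old = None

    def set_password(self, new, now, old_valid_until=None):
        self._prune(now)
        if self.rolpassword is not None:
            # Defining a new password requires an expiration for the old one.
            if old_valid_until is None:
                raise ValueError("expiration for the old password is required")
            # Assumption: never silently drop a still-valid old password.
            if self.rolpassword_old is not None:
                raise ValueError("old slot is still in use")
            self.rolpassword_old, self.rolvaliduntil_old = self.rolpassword, old_valid_until
        salt = os.urandom(16)
        self.rolpassword = (salt, _verifier(new, salt))

    def authenticate(self, password, now):
        self._prune(now)
        ok = False
        for stored, until in ((self.rolpassword, self.rolvaliduntil),
                              (self.rolpassword_old, self.rolvaliduntil_old)):
            if stored is None or (until is not None and now >= until):
                continue
            ok |= hmac.compare_digest(stored[1], _verifier(password, stored[0]))
        return ok

if __name__ == "__main__":
    t0 = datetime(2023, 10, 6, tzinfo=timezone.utc)  # constructed timeline
    r = Role(); r.set_password("first", t0)
    r.set_password("second", t0 + timedelta(days=1), old_valid_until=t0 + timedelta(days=8))
    print(r.authenticate("first", t0 + timedelta(days=2)))  # True
    print(r.authenticate("first", t0 + timedelta(days=9)))  # False
```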
