Re: Pasword expiration warning

On Mon, Feb 02, 2026 at 02:31:02PM -0600, Nathan Bossart wrote:
> Here is an updated patch with the units set to seconds. There are two main
> things on my mind:
>
> * The placement of the WARNING. Right now, I have it placed at the end of
> InitPostgres(). There are various other ways to get a WARNING during this
> function, so I think it's technically okay, but perhaps it makes more sense
> to put it at the end of ClientAuthentication() or something. But the risk
> there is that something between the call to ClientAuthentication() and the
> end of InitPostgres() could ERROR/FATAL, in which case our new WARNING
> might be giving away more information than necessary. So, I guess I lean
> towards keeping it where it is now, but I would be interested to hear other
> opinions on the matter.
>
> * Whether we should emit the warnings for special client backends.
> Specifically, I think the current patch will send warnings to logical
> replication connections, but not physical replication connections. My
> current feeling is that we should send warnings to any backend that uses a
> password to authenticate, i.e., add a call to EmitConnectionWarnings() at
> the end of the "am_walsender && !am_db_walsender" block. Thoughts? Are
> there any other backend types I'm forgetting that would be relevant here?

Hearing nothing, I've updated the patch to send warnings to all backends
that use a password to authenticate.

--
nathan