| From: | Gilles Darold <gilles(at)darold(dot)net> |
|---|---|
| To: | Japin Li <japinli(at)hotmail(dot)com>, Gilles Darold <gilles(at)darold(dot)net> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Pasword expiration warning |
| Date: | 2026-01-07 14:49:02 |
| Message-ID: | b1d584c7-5e5b-4bc7-8e8c-92a3a2c19322@darold.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Le 07/01/2026 à 06:12, Japin Li a écrit :
> Thanks for updating the patch.
>
> 1.
> $ git apply ~/password_expire_warning-v1.patch
> /home/japin/password_expire_warning-v1.patch:71: indent with spaces.
> if (MyClientConnectionInfo.warning_message)
> /home/japin/password_expire_warning-v1.patch:72: indent with spaces.
> ereport(WARNING, (errmsg("%s", MyClientConnectionInfo.warning_message)));
> warning: 2 lines add whitespace errors.
>
> 2.
> +{ name => 'password_expire_warning', type => 'int', context => 'PGC_SIGHUP', group => 'CONN_AUTH_AUTH',
> + short_desc => 'Sets the number of days before password expire to emit a warning at client connection. Default is 7 days, 0 means no warning.',
> + flags => 'GUC_UNIT_S',
> + variable => 'password_expire_warning',
> + boot_val => '7',
> + min => '0',
> + max => '30',
> +},
> +
>
> The GUC_UNIT_S flag specifies that the unit is seconds, meaning the default
> value of 7 corresponds to 7 seconds rather than 7 days. For example:
>
> # ALTER SYSTEM SET password_expire_warning TO 60;
> ERROR: 60 s is outside the valid range for parameter "password_expire_warning" (0 s .. 30 s)
>
> 3.
> I tested the patch and only received an empty WARNING message. After some
> analysis, I found that the warning_message buffer is likely freed after
> transaction commit.
>
> Here's a new patch that resolves the issues mentioned earlier.
>
> Furthermore, if the remaining time until expiration is less than one day,
> should we display it in minutes (or hours) instead of 0 days?
Thanks for the patch review and improvement.
I missed the GUC_UNIT_S c/p but we can use second as unit. I have fixed
your patch update because in this case the result variable must not be
turned into days but kept in seconds to be compared to the GUC value.
I have also added the missing GUC in the sample configuration file.
I'm not in favor of a high granularity in time display, number of days
for me is enough. I the user have the chance to see the 0 day remaining
he knows that he must fix that immediately. But why not, it depends of a
consensus.
Thanks.
--
Gilles Darold
http://hexaculter.ai/
| Attachment | Content-Type | Size |
|---|---|---|
| v4-0001-Add-password_expire_warning-GUC-to-warn-clients.patch | text/x-patch | 6.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2026-01-07 14:49:37 | Re: A typo in .cirrus.tasks.yml |
| Previous Message | Jelte Fennema-Nio | 2026-01-07 14:48:10 | Re: Proposal to allow setting cursor options on Portals |