Re: Record last password change

From: Gavin Flower <GavinFlower(at)archidevsys(dot)co(dot)nz>
To: Michael Banck <michael(dot)banck(at)credativ(dot)de>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Record last password change
Date: 2018-12-11 10:45:29
Message-ID: e100cff3-30f2-781a-e78a-0bea179b8b99@archidevsys.co.nz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 11/12/2018 23:33, Michael Banck wrote:
> Hello,
>
> a customer recently mentioned that they'd like to be able to see when a
> (md5, scram) role had their password last changed.
>
> Use-cases for this would be issueing an initial password and then later
> making sure it got changed, or auditing that all passwords get changed
> once a year. You can do that via external authentication methods like
> ldap/gss-api/pam but in some setups those might not be available to the
> DBAs.
>
> I guess it would amount to adding a column like rolpasswordchanged to
> pg_authid and updating it when rolpassword changes, but maybe there is a
> better way?
>
> The same was requested in https://dba.stackexchange.com/questions/91252/
> how-to-know-when-postgresql-password-is-changed so I was wondering
> whether this would be a welcome change/addition, or whether people think
> it's not worth bothering to implement it?
>
> Thoughts?
>
>
>
> Michael
>
Forcing people to change their password on a regular basis is a bad
idea, tends to make people choose easier to guess passwords. Do you
regularly change the locks on your house?

My root password is 16 characters that was computer generated -- not
worth memorising, if I had to regularly change it!

Example password: q!5H!A:xa$3l%o.y Good luck trying to crack my system
using it!

If anyone is interested, I can publish the Java program I wrote to
generate my passwords.

Cheers,
Gavin

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Jose Luis Tallon 2018-12-11 11:29:44 Re: Thinking about EXPLAIN ALTER TABLE
Previous Message Michael Banck 2018-12-11 10:33:51 Record last password change