On Fri, 19 Nov 2021 at 20:19, Gilles Darold <gil...@migops.com> wrote:
> Hi all,
>
> Now that the security policy is getting stronger, it is not uncommon to
> create users with a password expiration date (VALID UNTIL). The problem
> is that the user is only aware that his password has expired when he can no
> longer log in unless the application with which he is connecting notifies
> him beforehand.
>
> I'm wondering if we might be interested in having this feature in psql? For
> example for a user whose password expires in 3 days:
>
> gilles=# CREATE ROLE foo LOGIN PASSWORD 'foo' VALID UNTIL '2021-11-22';
> CREATE ROLE
> gilles=# \c - foo
> Password for user foo:
> psql (15devel, server 14.1 (Ubuntu 14.1-2.pgdg20.04+1))
> ** Warning: your password expires in 3 days **
> You are now connected to database "gilles" as user "foo".
>
> My idea is to add a psql variable that can be defined in psqlrc to specify
> the number of days before the user password expires to start printing a
> warning. The warning message is only displayed in interactive mode. Example:
>
> $ cat /etc/postgresql-common/psqlrc
> \set PASSWORD_EXPIRE_WARNING 7
>

+1

It is useful to notify the users about their near account expiration, and we are doing that at client level.

Default value is 0 like today no warning at all.

> Of course any other client application has to write his own beforehand
> expiration notice but with psql we don't have it for the moment. If there
> is interest for this psql feature I can post the patch.
>
> --
> Gilles Darold
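
A client-level version of the check discussed above, as an added example that is not the proposed psql patch or code from either poster. The names `EXPIRY_QUERY` and `expiry_warning` are hypothetical, and the "has expired" message and rounding up to whole days are assumptions; the warning text and the 0-disables default follow the thread.

```python
import math
from datetime import datetime, timezone

# Run by the client right after connecting. pg_roles is readable by every
# role and masks the password; epoch output avoids DateStyle parsing and
# turns VALID UNTIL 'infinity' into a float infinity.
EXPIRY_QUERY = (
    "SELECT extract(epoch FROM rolvaliduntil)::float8 "
    "FROM pg_roles WHERE rolname = current_user"
)


def expiry_warning(valid_until_epoch, warn_days, now=None, interactive=True):
    """Return the warning text, or None when nothing should be printed.

    valid_until_epoch: result of EXPIRY_QUERY (None when VALID UNTIL is unset).
    warn_days: threshold in days; 0 disables the warning (the proposed default).
    """
    if not interactive or warn_days <= 0:
        return None
    if valid_until_epoch is None or valid_until_epoch == math.inf:
        return None  # role has no expiration date
    now = now or datetime.now(timezone.utc)
    remaining = valid_until_epoch - now.timestamp()
    if remaining <= 0:
        # Reachable with non-password authentication, where VALID UNTIL
        # is not enforced by the server.
        return "** Warning: your password has expired **"
    days = math.ceil(remaining / 86400)  # partial days count as a full day
    if days > warn_days:
        return None
    unit = "day" if days == 1 else "days"
    return f"** Warning: your password expires in {days} {unit} **"


if __name__ == "__main__":
    # Constructed sample: the thread's dates, threshold of 7 days.
    now = datetime(2021, 11, 19, 20, 19, tzinfo=timezone.utc)
    until = datetime(2021, 11, 22, tzinfo=timezone.utc).timestamp()
    print(expiry_warning(until, 7, now=now))
```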