On 11/19/21, 7:56 AM, "Tom Lane" <t...@sss.pgh.pa.us> wrote: > That leads me to wonder about server-side solutions. It's easy > enough for the server to see that it's used a password with an > expiration N days away, but how could that be reported to the > client? The only idea that comes to mind that doesn't seem like > a protocol break is to issue a NOTICE message, which doesn't > seem like it squares with your desire to only do this interactively. > (Although I'm not sure I believe that's a great idea. If your > application breaks at 2AM because its password expired, you > won't be any happier than if your interactive sessions start to > fail. Maybe a message that would leave a trail in the server log > would be best after all.)
I bet it's possible to use the ClientAuthentication_hook for this. In any case, I agree that it probably belongs server-side so that other clients can benefit from this. Nathan