Re: Pasword expiration warning

2021-11-21 Thread Gilles Darold
Le 20/11/2021 à 14:48, Andrew Dunstan a écrit : > On 11/19/21 19:17, Bossart, Nathan wrote: >> On 11/19/21, 7:56 AM, "Tom Lane" wrote: >>> That leads me to wonder about server-side solutions. It's easy >>> enough for the server to see that it's used a password with an >>> expiration N days away,

Re: Pasword expiration warning

2021-11-20 Thread Andrew Dunstan
On 11/19/21 19:17, Bossart, Nathan wrote: > On 11/19/21, 7:56 AM, "Tom Lane" wrote: >> That leads me to wonder about server-side solutions. It's easy >> enough for the server to see that it's used a password with an >> expiration N days away, but how could that be reported to the >> client? Th

Re: Pasword expiration warning

2021-11-19 Thread Michael Paquier
On Sat, Nov 20, 2021 at 12:17:53AM +, Bossart, Nathan wrote: > I bet it's possible to use the ClientAuthentication_hook for this. In > any case, I agree that it probably belongs server-side so that other > clients can benefit from this. ClientAuthentication_hook is called before the user is i

Re: Pasword expiration warning

2021-11-19 Thread Bossart, Nathan
On 11/19/21, 7:56 AM, "Tom Lane" wrote: > That leads me to wonder about server-side solutions. It's easy > enough for the server to see that it's used a password with an > expiration N days away, but how could that be reported to the > client? The only idea that comes to mind that doesn't seem l

Re: Pasword expiration warning

2021-11-19 Thread Gilles Darold
Le 19/11/2021 à 16:55, Tom Lane a écrit : Gilles Darold writes: Now that the security policy is getting stronger, it is not uncommon to create users with a password expiration date (VALID UNTIL). TBH, I thought people were starting to realize that forced password rotations are a net security n

Re: Pasword expiration warning

2021-11-19 Thread Tom Lane
Gilles Darold writes: > Now that the security policy is getting stronger, it is not uncommon to > create users with a password expiration date (VALID UNTIL). TBH, I thought people were starting to realize that forced password rotations are a net security negative. It's true that a lot of places

Re: Pasword expiration warning

2021-11-19 Thread Dinesh Chemuduru
On Fri, 19 Nov 2021 at 20:19, Gilles Darold wrote: > Hi all, > > > Now that the security policy is getting stronger, it is not uncommon to > create users with a password expiration date (VALID UNTIL). The problem > is that the user is only aware that his password has expired when he can no > long