Itagaki Takahiro <itagaki.takahiro@oss.ntt.co.jp> writes:
> BTW, it might not be a work for this patch, we also need to
> reject too long "VALID UNTIL" setting. If the password is
> complex, we should not use the same password for a long time.
This is a good point --- people who have password strength policies
tend to want a limited usage period as well. It's even conceivable
that you could have different allowed lifespans depending on how
strong the password is. I suggest we alter the hook signature to pass
it the valuntil time along with the other parameters it's already
getting, and let the one hook enforce policies for both.
I'm reviewing the patch now, and barring objections will make this
change before committing.
regards, tom lane