On Fri, Mar 8, 2013 at 4:07 AM, Albe Laurenz
<laurenz.albe@wien.gv.at> wrote:
Victor Yegorov wrote:
> 2013/3/8 Albe Laurenz <
laurenz.albe@wien.gv.at>
>> This way you can also force a certain password expiry date
>> (PostgreSQL does not have a password life time).
>
> What bout ALTER ROLE ... VALID UNTIL 'timestamp' ?
Oracle's concept is different: it sets a limit on the time
between password changes.
There is no such thing in PostgreSQL.
BTW, your suggestion to use a function here is exactly what we do in LedgerSMB. Password expiration is forced to be now() + an interval specified in a configuration table.
It would be nice to be able to do handling of failed login attempts but currently I don;t think that's possible from within PostgreSQL (i.e. without external auth).