On Fri, 19 Nov 2021 at 20:19, Gilles Darold <gilles@migops.com> wrote:
Hi all,
Now that the security policy is getting stronger, it is not uncommon to create users with a password expiration date (VALID UNTIL).The problem is that the user is only aware that his password has expired when he can no longer log in unless the application with which he is connecting notifies him beforehand.
I'm wondering if we might be interested in having this feature in psql?For example for a user whose password expires in 3 days:
gilles=# CREATE ROLE foo LOGIN PASSWORD 'foo' VALID UNTIL '2021-11-22'; CREATE ROLE gilles=# \c - foo Password for user foo: psql (15devel, server 14.1 (Ubuntu 14.1-2.pgdg20.04+1)) ** Warning: your password expires in 3 days ** You are now connected to database "gilles" as user "foo".
My idea is to add a psql variable that can be defined in psqlrc to specify the number of days before the user password expires to start printing a warning. The warning message is only diplayed in interactive mode Example:
It is useful to notify the users about their near account expiration,
and we are doing that at client level.
Default value is 0 like today no warning at all.
Of course any other client application have to write his own beforehand expiration notice but with psql we don't have it for the moment. If there is interest for this psql feature I can post the patch.