Re: [PoC/RFC] Multiple passwords, interval expirations

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: [PoC/RFC] Multiple passwords, interval expirations
Дата
Msg-id ZSByCfdd4GJrqGYu@momjian.us
обсуждение исходный текст
Ответ на Re: [PoC/RFC] Multiple passwords, interval expirations  (Jeff Davis <pgsql@j-davis.com>)
Ответы Re: [PoC/RFC] Multiple passwords, interval expirations  (Gurjeet Singh <gurjeet@singh.im>)
Список pgsql-hackers
Дерево обсуждения 
On Fri, Oct  6, 2023 at 01:20:03PM -0700, Jeff Davis wrote:
> The basic problem, as I see it, is: how do we keep users from
> accidentally dropping the wrong password? Generated unique names or

I thought we could auto-remove old password if the valid-until date is
in the past.  You would need a separate ALTER command to sets its date
in the past without that.  Also, defining a new password could require
setting the expiration date of the old password to make future additions
easier.

For pg_authid, I was thinking of columns:

    ADD    rolpassword_old
    ADD    rolvaliduntil_old
    EXISTS    rolpassword
    EXISTS    rolvaliduntil

I did blog about the password rotation problem and suggested
certificates:

    https://momjian.us/main/blogs/pgblog/2020.html#July_17_2020

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Laurenz Albe
Дата:
Сообщение: Re: Fix output of zero privileges in psql
Следующее
От: Bruce Momjian
Дата:
Сообщение: Re: Problem, partition pruning for prepared statement with IS NULL clause.