Re: Pasword expiration warning

Le 02/02/2026 à 18:04, Nathan Bossart a écrit :
> On Fri, Jan 30, 2026 at 12:33:54PM +0100, Gilles Darold wrote:
>> Here a new v12 version of the patch. Changes are the following:
> Thanks.  I spent some time preparing this for commit, and I came up with
> the attached.  Notable changes include:
>
> * Renamed the parameter to password_expiration_warning_threshold.  It's a
> mouthful, but I thought it was more descriptive.
>
> * Changed the units for the parameter to minutes.  I can't imagine anyone
> needs more granularity than hours or days, let alone seconds, so IMO
> minutes is a good middle ground.
>
> * I added a new "connection warnings" infrastructure that we can reuse
> if/when we want to emit warnings for MD5 passwords.
>
> * Moved the warning messages to Port.  ClientConnectionInfo appears to be
> meant only for parallel workers, and I don't think we will ever want to
> emit connection warnings there.
>
> * Moved the tests into 001_password.pl.  I'm a bit concerned about these
> tests being flaky, but I've tried setting the VALID UNTIL dates to make
> spurious failures virtually impossible.
>
> WDYT?


Thanks Nathan, I'm comfortable with all the changes except the first two.

I think configuration name password_expiration_warning_threshold is too 
long, why not only password_warning_threshold?  I think the description 
is here to explain more the configuration directive.

About the unit, I think using minutes is useless. It should be set in 
days to be really useful but like all other time based directives it can 
be set in seconds, minutes or hours too. This give the user the 
granularity he wants. The common use will be to set it using 'Nd' syntax 
but if someone wants to use 'Ns' syntax, it can be done.


-- 
Gilles Darold
http://www.darold.net/