From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Michael Banck <michael(dot)banck(at)credativ(dot)de>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Record last password change |
Date: | 2019-01-05 19:17:42 |
Message-ID: | 20190105191741.GS2528@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Greetings,
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Michael Banck <michael(dot)banck(at)credativ(dot)de> writes:
> > The same was requested in https://dba.stackexchange.com/questions/91252/
> > how-to-know-when-postgresql-password-is-changed so I was wondering
> > whether this would be a welcome change/addition, or whether people think
> > it's not worth bothering to implement it?
>
> This has all the same practical problems as recording object creation
> times, which we're not going to do either. (You can consult the
> archives for details, but from memory, the stickiest aspects revolve
> around what to do during dump/reload. Although even CREATE OR REPLACE
> offers interesting definitional questions. In the end there are just
> too many different behaviors that somebody might want.)
I disagree with these being serious practical problems- we just need to
decide which was to go when it comes to dump/restore here and there's an
awful lot of example systems out there to compare to for this case.
> I've heard that if you want to implement a password aging policy, PAM
> authentication can manage that for you; but I don't know the details.
That's ridiculously ugly; I know, because I've had to do it, more than
once. In my view, it's past time to update our password mechanisms to
have the features that one expects a serious system to have these days.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2019-01-05 19:18:27 | Re: Record last password change |
Previous Message | Stephen Frost | 2019-01-05 19:15:00 | Re: Record last password change |