Re: Query on User account password change details

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
Cc: Vipin Madhusoodanan <vipin(dot)madhusoodanan(at)gmail(dot)com>, Vijaykumar Jain <vijaykumarjain(dot)github(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org, Holger Jakobs <holger(at)jakobs(dot)com>
Subject: Re: Query on User account password change details
Date: 2021-05-08 13:37:42
Message-ID: 20210508133742.GA27049@momjian.us
Lists: pgsql-admin

On Sat, May 8, 2021 at 05:44:52AM +0200, Laurenz Albe wrote:
> On Fri, 2021-05-07 at 15:47 -0500, Vipin Madhusoodanan wrote:
> > Can someone help with suggestions or ideas for a workaround to achieve this?
> >
> > > > > > Please advise on the possibilities to retrieve “last password change date” for a PostgreSQL user account.
> > > > > > We have an audit requirement to identify the password change details for local PostgreSQL user accounts.
>
> You cannot do that unless you want to modify PostgreSQL.
>
> For requirements like this, the recommendation is *not* to use passwords
> in the database for authentication. Use one of the other authentication
> methods that uses an external authority.
>
> Identity management systems specialize in that kind of thing, and you may
> be able to get that information from there.

Here is a blog entry about using certificate authentication and rotating them:

https://momjian.us/main/blogs/pgblog/2020.html#July_17_2020

The certificates must have expiration dates.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

If only the physical world exists, free will is an illusion.
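
The audit angle of the reply above, as an added example that is not part of the original message: with certificate authentication, where PostgreSQL's `cert` method matches the certificate CN to the database user name, each client certificate's issuance and expiry dates can be read with the `openssl` CLI. The helper function names and the role names `app_user` and `batch_user` are made up for the illustration, and the certificates are constructed self-signed samples.

```shell
#!/bin/sh
# Added example: audit the validity window of PostgreSQL client certificates.
# notBefore is the issuance date (the closest analogue of a "last credential
# change" date); notAfter is the expiry that forces rotation.

# cert_window FILE -> "subject|notBefore|notAfter"
cert_window() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    start=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
    end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    printf '%s|%s|%s\n' "$subject" "$start" "$end"
}

# cert_status FILE WARN_DAYS -> OK, EXPIRING (inside the warning window) or EXPIRED
cert_status() {
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo EXPIRED
    elif ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null; then
        echo EXPIRING
    else
        echo OK
    fi
}

# make_sample_cert FILE DAYS CN: constructed self-signed certificate, demo only.
# A real deployment would audit certificates issued by its own CA.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=$3" 2>/dev/null
}

# Demo on constructed certificates; role names app_user/batch_user are made up.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/app_user.crt" 90 app_user
make_sample_cert "$demo_dir/batch_user.crt" 10 batch_user
for crt in "$demo_dir"/*.crt; do
    printf '%s|%s\n' "$(cert_window "$crt")" "$(cert_status "$crt" 30)"
done
rm -rf "$demo_dir"
```

Each output line has the form `subject|notBefore|notAfter|status`, which can be collected per role as audit evidence of when a credential was issued and when it must be rotated.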
