Re: User Details for PostgreSQL

From: Ron <ronljohnsonjr(at)gmail(dot)com>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: User Details for PostgreSQL
Date: 2019-05-09 21:39:56
Message-ID: 56cc718a-f1e2-d4e3-c9b5-ec816823c4da@gmail.com
Lists: pgsql-general

https://github.com/pgaudit/pgaudit might help. It's packed for install by
the Postgres team. (Of course, it's too late for existing accounts.)

On 5/9/19 4:11 PM, Kumar, Virendra wrote:
>
> Thanks Chris!
>
> Since PostgreSQL still has to have those accounts even if we authenticate
> it externally, we have to get at least the user creation date from the
> instance, as that information might be different in instance vs external
> utility. Is there a possibility we can get it?
>
> Most of our accounts are AD authenticated; however, we have some like
> (postgres – superuser!) which are local or peer authenticated. We want to
> control those as well, hence the requirement.
>
> Regards,
>
> Virendra
>
> *From:*Christopher Browne [mailto:cbbrowne(at)gmail(dot)com]
> *Sent:* Thursday, May 09, 2019 5:04 PM
> *To:* Kumar, Virendra
> *Cc:* pgsql-general(at)lists(dot)postgresql(dot)org
> *Subject:* Re: User Details for PostgreSQL
>
> On Thu, 9 May 2019 at 16:43, Kumar, Virendra <Virendra(dot)Kumar(at)guycarp(dot)com
> <mailto:Virendra(dot)Kumar(at)guycarp(dot)com>> wrote:
>
> Hello Team,
>
> We are looking for some audit information about user creation. We need
> a few audit fields which we did not find in PostgreSQL. I would be
> happy if someone could help us in finding these details. Basically we need
> information about:
>
> 1. User creation date
>
> 2. Last Password change date
>
> Do we have a way to get these values, or can somebody guide us how we
> can store and get these values while creating a user?
>
> Regards,
>
> Virendra
>
> Since there is a diversity of ways of managing this information, including
> outside the database, there is no way to assert a true-in-general
> mechanism for this.
>
> Indeed, if you are interested in managing such information particularly
> carefully, you may wish to use mechanisms such as PAM, Kerberos, LDAP,
> GSSAPI for this, in which case PostgreSQL may have no responsibility in
> the matter of managing passwords.  It is quite likely a good idea to use
> something like Kerberos if you have the concerns that you describe, and if
> so, the audit information you want would be collected from Kerberos, not
> PostgreSQL.
>
>
> --
>
> When confronted by a difficult problem, solve it by reducing it to the
> question, "How would the Lone Ranger handle this?"
>

--
Angular momentum makes the world go 'round.
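
Added example, not part of the original message and not pgaudit's own code: once pgaudit is loaded with `pgaudit.log = 'role'`, role DDL lands in the server log, and the two dates asked about can be recovered per role from that point forward (nothing exists for accounts created earlier). The log lines are constructed, and the `log_line_prefix` value, single-line statements and the `role_history` helper are assumptions of this sketch.

```python
import csv
import re

# Constructed sample server-log lines (not real output). Assumes postgresql.conf has
# shared_preload_libraries = 'pgaudit', pgaudit.log = 'role', log_line_prefix = '%m [%p] '.
# The password text is shown as a placeholder.
SAMPLE_LOG = """\
2019-05-10 09:00:01.120 UTC [4211] LOG:  AUDIT: SESSION,1,1,ROLE,CREATE ROLE,,,CREATE ROLE app_ro LOGIN PASSWORD <REDACTED>,<not logged>
2019-05-10 09:05:42.003 UTC [4211] LOG:  AUDIT: SESSION,2,1,ROLE,GRANT,,,GRANT SELECT ON accounts TO app_ro,<not logged>
2019-05-11 14:30:00.500 UTC [4302] LOG:  AUDIT: SESSION,1,1,ROLE,ALTER ROLE,,,"ALTER ROLE ""app_ro"" WITH PASSWORD <REDACTED>",<not logged>
2019-05-12 08:00:00.000 UTC [4350] LOG:  AUDIT: SESSION,1,1,ROLE,ALTER ROLE,,,ALTER ROLE app_ro CONNECTION LIMIT 5,<not logged>
2019-05-12 08:10:00.000 UTC [4350] LOG:  connection received: host=[local]
"""

# Timestamp (date, time, zone), backend pid, then the pgaudit CSV payload.
LINE_RE = re.compile(r"^(\S+ \S+ \S+) \[\d+\] LOG:\s+AUDIT: (.*)$")
# CREATE/ALTER ROLE|USER followed by a quoted or bare role identifier.
STMT_RE = re.compile(r'^\s*(CREATE|ALTER)\s+(?:ROLE|USER)\s+("(?:[^"]|"")+"|[^\s;]+)', re.I)


def role_name(token):
    """Normalise an identifier the way PostgreSQL does: unquote, or fold to lower case."""
    if token.startswith('"'):
        return token[1:-1].replace('""', '"')
    return token.lower()


def role_history(log_text):
    """Map each role to the log timestamps of its creation and last password change."""
    history = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a pgaudit entry
        ts, payload = m.groups()
        # Fields: type, stmt id, substmt id, class, command, obj type, obj name, statement, parameter
        fields = next(csv.reader([payload]))
        if len(fields) < 9 or fields[3] != "ROLE":
            continue
        stmt = STMT_RE.match(fields[7])
        if not stmt:
            continue  # GRANT/REVOKE/DROP etc. carry neither date
        entry = history.setdefault(role_name(stmt.group(2)),
                                   {"created": None, "password_changed": None})
        if stmt.group(1).upper() == "CREATE":
            entry["created"] = ts
        if re.search(r"\bPASSWORD\b", fields[7], re.I):
            entry["password_changed"] = ts  # also set by CREATE ... PASSWORD
    return history
```

Role renames (`ALTER ROLE ... RENAME TO`) are not followed here, so a renamed account appears under its old name.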
