Re: [PoC/RFC] Multiple passwords, interval expirations

From: Gurjeet Singh <gurjeet(at)singh(dot)im>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Jeff Davis <pgsql(at)j-davis(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, "Brindle, Joshua" <joshuqbr(at)amazon(dot)com>
Subject: Re: [PoC/RFC] Multiple passwords, interval expirations
Date: 2023-10-08 17:50:15
Message-ID: CABwTF4U-2YOuCnuud5sroAc2A8J4-4+9RsisJQ3zdTc8Ecz0hg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sun, Oct 8, 2023 at 10:29 AM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>
> I was speaking of autoremoving in cases where we are creating a new one,
> and taking the previous new one and making it the old one, if that was
> not clear.

Yes, I think I understood it differently. I understood it to mean that
this behaviour would apply to all passwords, those created by existing
commands, as well as to those created by new commands for rollover use
case. Whereas you meant this autoremove behaviour to apply only to
those passwords created by/for rollover related commands. I hope I've
understood your proposal correctly this time around :-)

I believe the passwords created by rollover feature should
behave by the same rules as the rules for passwords created by
existing CREATE/ALTER ROLE commands. If we implement the behaviour to
delete expired passwords, then I believe that behaviour should apply
to all passwords, irrespective of which command/feature was used to
create a password.

Best regards,
Gurjeet
http://Gurje.et

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Noah Misch 2023-10-08 18:17:50 Re: Trigger violates foreign key constraint
Previous Message Bruce Momjian 2023-10-08 17:29:14 Re: [PoC/RFC] Multiple passwords, interval expirations