pgsql: Add password expiration warnings.

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Nathan Bossart <[email protected]>
To: [email protected]
Subject: pgsql: Add password expiration warnings.
Date: Wed, 11 Feb 2026 16:36:56 +0000
Message-ID: <[email protected]> (raw)

Add password expiration warnings.

This commit adds a new parameter called
password_expiration_warning_threshold that controls when the server
begins emitting imminent-password-expiration warnings upon
successful password authentication.  By default, this parameter is
set to 7 days, but this functionality can be disabled by setting it
to 0.  This patch also introduces a new "connection warning"
infrastructure that can be reused elsewhere.  For example, we may
want to warn about the use of MD5 passwords for a couple of
releases before removing MD5 password support.

Author: Gilles Darold <[email protected]>
Co-authored-by: Nathan Bossart <[email protected]>
Reviewed-by: Japin Li <[email protected]>
Reviewed-by: songjinzhou <[email protected]>
Reviewed-by: liu xiaohui <[email protected]>
Reviewed-by: Yuefei Shi <[email protected]>
Reviewed-by: Steven Niu <[email protected]>
Reviewed-by: Soumya S Murali <[email protected]>
Reviewed-by: Euler Taveira <[email protected]>
Reviewed-by: Zsolt Parragi <[email protected]>
Reviewed-by: Chao Li <[email protected]>
Reviewed-by: Greg Sabino Mullane <[email protected]>
Reviewed-by: Peter Eisentraut <[email protected]>
Discussion: https://postgr.es/m/129bcfbf-47a6-e58a-190a-62fc21a17d03%40migops.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/1d92e0c2cc4789255c630d8776bbe85ca9ebc27f

Modified Files
--------------
doc/src/sgml/config.sgml                      | 22 ++++++++
src/backend/libpq/crypt.c                     | 73 +++++++++++++++++++++++++--
src/backend/utils/init/postinit.c             | 69 +++++++++++++++++++++++++
src/backend/utils/misc/guc_parameters.dat     | 10 ++++
src/backend/utils/misc/postgresql.conf.sample |  3 +-
src/include/libpq/crypt.h                     |  3 ++
src/include/miscadmin.h                       |  1 +
src/test/authentication/t/001_password.pl     | 34 +++++++++++++
8 files changed, 209 insertions(+), 6 deletions(-)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: pgsql: Add password expiration warnings.
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox