Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1moJCY-0007j7-AE for pgsql-hackers@arkaria.postgresql.org; Sat, 20 Nov 2021 05:46:14 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1moJCW-0006Q2-TB for pgsql-hackers@arkaria.postgresql.org; Sat, 20 Nov 2021 05:46:12 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1moJCW-0006Ps-JU for pgsql-hackers@lists.postgresql.org; Sat, 20 Nov 2021 05:46:12 +0000 Received: from out5-smtp.messagingengine.com ([66.111.4.29]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1moJCU-00009F-6u for pgsql-hackers@postgresql.org; Sat, 20 Nov 2021 05:46:11 +0000 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 8118C5C0132; Sat, 20 Nov 2021 00:46:08 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Sat, 20 Nov 2021 00:46:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paquier.xyz; h= date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm3; bh=buv6T+m2lsDZ0dHF8COj1AULj9y rcMAv0gqROIR+NeU=; b=jlMiJcgcqG/2oBl32R/xTCCDNNVCLg0utTwFD6x7Kfs NfsyDW2B2bKbbh7yBjJN54aoiz0fsrPwJxD3mikmpdw6cyEpsSFQ/vha2hox3d80 o96Mnr/A0rk63s8J5CxiTbbt8Yc2Wl9FltoGX/P+gpj28PZyG9Az81RdE1LWa9gx teMqoU2DMyF06u/OkCtS1fKoPRML6uuO+b/iNj9mtS2w/JmnbFfeN+f03KScphXP Y5qoWfCxltyQMC2lN9bkos9OluOBssrUGzuSLU7+mkUmNaH4hHAiVOVvERQUD+9z F++0tqeAaZ8u32/vaGGUeXNaABIKAtkLyLnwDd7Nw4A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=buv6T+ m2lsDZ0dHF8COj1AULj9yrcMAv0gqROIR+NeU=; b=l+x9OKbKqyj936Nb6aN0N4 ozkSRE2j1io4NfAeIIzOS7X2707ql7Fa8ZL44E2x9BNiVT5QBOqX+ewDE5UF7/EJ jLIE82k5W2vv5VP0o2ceI3G0XbBRpvAHiMjunPKfFXEdvxkU1RzgFNMwRgzxeAJ4 JvYVErfTAh2Wm4nBppP2EDHhULlg6lxrcdNiBpmsKVXb7CIbfqkOdQ5L43dVlFrU pktWzbTLYCQZquXd9oP3HPGI9SSsEwQig/P2Dv7GjlRHRzVO1h1hurB+tv9T08N5 w2fJNFdliVA1681i0cYmWXTt1zd9MMcCqOW9y9IghFk3KDGvEqOw819xqzDvz7KQ == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvuddrfeelgdekvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfg hrlhcuvffnffculdejtddmnecujfgurhepfffhvffukfhfgggtuggjsehgtderredttddv necuhfhrohhmpefoihgthhgrvghlucfrrghquhhivghruceomhhitghhrggvlhesphgrqh huihgvrhdrgiihiieqnecuggftrfgrthhtvghrnhepvdegudeuhfdtueeltedtveejheeh ieevueeigeelteegleejleeiueeiheegvefhnecuvehluhhsthgvrhfuihiivgeptdenuc frrghrrghmpehmrghilhhfrhhomhepmhhitghhrggvlhesphgrqhhuihgvrhdrgiihii X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 20 Nov 2021 00:46:06 -0500 (EST) Date: Sat, 20 Nov 2021 14:46:02 +0900 From: Michael Paquier To: "Bossart, Nathan" Cc: Gilles Darold , Tom Lane , PostgreSQL Hackers Subject: Re: Pasword expiration warning Message-ID: References: <129bcfbf-47a6-e58a-190a-62fc21a17d03@migops.com> <3046422.1637337334@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qobiRril8coJ2KaI" Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --qobiRril8coJ2KaI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sat, Nov 20, 2021 at 12:17:53AM +0000, Bossart, Nathan wrote: > I bet it's possible to use the ClientAuthentication_hook for this. In > any case, I agree that it probably belongs server-side so that other > clients can benefit from this. ClientAuthentication_hook is called before the user is informed of the authentication result, FWIW, so that does not seem wise. -- Michael --qobiRril8coJ2KaI Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEG72nH6vTowiyblFKnvQgOdbyQH0FAmGYi5oACgkQnvQgOdby QH37+Q//cwwc1KZl5JaOoSycdP9UxraQ11xQ5T0i5m6v+hqkqVeMeLRksH1UvG79 Ew40TiTr3/5lupBC3ivHb3xt4ynfA8CZPTwed25e2Jhtn28tyXiRF9Rb8t+QGG5h ZXzaCVW09aHU0BSWff1J18SWaHfI5bZCjf6fknY+IZ6nzJdL6L9Y+HMDKaXoq6Q2 b7UjOmppk4iClTJMTpmtADVlRTd/cFaWMUwYOoU1aL7k3wpLbMgzVTi9LE++VuLi c0K5quX755BQleJFDo8etldjlU6UdRG/TmkjBtmIrwWvnSoULyz4XbftHkO1WUf2 VQ0lcdR3XyCM73MLchkLbBdPw9My2ljKwO6PzipgGWbNgyGk6HxJWf+8v5qixf55 16jIc8bCcJ468ioIj6W81JX44DcDEpCtDTlYHd6fvR1/kMGSi6MA4CSfklIlMorK odAWltdzjPTi2/ejc7/ObmTi0kPc43C49YFade27FRIQ68V5bxlFYyZbLWawhxrw oaN/5plY/WHj9uOYmarqR8/ZrYbcEuEOHBl2kn+AlBzUOf/mTq68bERE9JErIvh0 AXj4KzKwwJTkS8vS2wog9mYnYhYpq/uv0zrU8Tm2eqACg6Ruc89Umu7ronnaeQXz DqHJDs99PzISUM7Z2yTDljqkmcUZOIPWx94tHtPj6UY15Qyd+9Q= =SUo9 -----END PGP SIGNATURE----- --qobiRril8coJ2KaI--