Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uze4B-005mSH-FS for pgsql-novice@arkaria.postgresql.org; Fri, 19 Sep 2025 16:34:35 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1uze48-008N9y-T1 for pgsql-novice@arkaria.postgresql.org; Fri, 19 Sep 2025 16:34:32 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uze47-008N9q-UP for pgsql-novice@lists.postgresql.org; Fri, 19 Sep 2025 16:34:32 +0000 Received: from resqmta-c2p-546593.sys.comcast.net ([2001:558:fd00:56::8]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uze42-001jNe-15 for pgsql-novice@lists.postgresql.org; Fri, 19 Sep 2025 16:34:31 +0000 Received: from resomta-c2p-555441.sys.comcast.net ([96.102.18.240]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 256/256 bits) (Client did not present a certificate) by resqmta-c2p-546593.sys.comcast.net with ESMTPS id zdg3u7D9JVEfeze3qu9oLw; Fri, 19 Sep 2025 16:34:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=20190202a; t=1758299655; bh=lxfDdTJbWtzDNIxvkLmHW4jHb/h5aUz4mEa5DlwfrTw=; h=Received:Received:Date:From:To:Message-ID:Subject:MIME-Version: Content-Type:Xfinity-Spam-Result; b=z/rImdjmWTlNH2IEMTOykIhySLDXoO7bc3jfAxmBLPZYmBiDMKyChDcxICojWrVUG eltbVnkUIMLGHVtIIGoX4232USUFKbV3vycgfrWO8bp703SiajE2DUfpXdiEK8dUQt +zm9vgi9bJtRhWygHjWFxIiLfV4JJCRjTz9o5BLC9Ctuiw7ByRXtkBPEmJHRfAkxMh 7FiMiJ9kjftYqHxsCdxFti4nXUaYMf7Eig5TkB1ZARUgEf3oflrT1qDdg4Ak+mXWut gYs/t15FIVRLzp3mXGgLpD1zO2334tCGr1ET0qD8FD4pHu7MZ+iMxT2qzqGWbljjm3 CSAKU5X2rf3NA== Received: from oxapp-hob-77o.email.comcast.net ([96.118.20.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits) (Client did not present a certificate) by resomta-c2p-555441.sys.comcast.net with ESMTPS id ze3puTPY4XRcyze3puX0bx; Fri, 19 Sep 2025 16:34:14 +0000 Date: Fri, 19 Sep 2025 09:34:13 -0700 (PDT) From: TIM CHILD To: "pgsql-novice@lists.postgresql.org" Message-ID: <544425228.661606.1758299653493@connect.xfinity.com> In-Reply-To: <04421b66a0c74a97b8378b5dd99caced@alte-leipziger.de> References: <04421b66a0c74a97b8378b5dd99caced@alte-leipziger.de> Subject: Re: Can we lock or expire a ROLE / USER MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_661605_1085981797.1758299653479" X-Priority: 3 Importance: Normal X-Mailer: Open-Xchange Mailer v7.10.6-Rev59 X-Originating-IP: ::ffff:67.160.220.195 X-Originating-Client: open-xchange-appsuite X-CMAE-Envelope: MS4xfN29OyuiNg6N6l5qgDDUXACHPvyQ5WlBKPD9JWpO7R9Ttp8WO1bVXBOyusunVGJ5KDJSTrJmFhVNmH0MJINRrZ8YqDZcd9ni2DppB9LryEER+fJtI9Rj +Bb9E3Nbjf/zqO/HP56FXrAaLWVbp2o/Lvc2hsOm+Aj0AxEAs3A+e+RGYQTyNd+eeBMggfVSq6Tyvy5SMrSdB3r01YvQCEROMI1afOVPgRAU5Iy4NsXV8a// List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk ------=_Part_661605_1085981797.1758299653479 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Ram, =20 For PostgreSQL to implement features outlined below would be re-inventing t= he wheel as much of this feature functional already exist in Directory Ser= vice security systems like Active Directory/LDAP. Plus there are lots of g= ood reasons that these types of security features be centrally located and = administered rather than devolved into individual database instances and se= rvers. =20 To get some of the functionality I would point you to to Open LDAP director= y service https://en.wikipedia.org/wiki/OpenLDAP. PostgreSQL provides clie= nt integration with LDAP see https://www.postgresql.org/docs/current/auth-l= dap.html However I will point out the LDAP implementations, integration and administ= ration can be quite complex. =20 -Tim =20 =20 > On 09/19/2025 1:32 AM PDT Subramanian,Ramachandran wrote: > =20 > =20 >=20 > Hello all, >=20 > =20 >=20 > =20 >=20 > Absolute novice in Postgresql, coming from the Mainframe world. Kindl= y forgive my ignorance. >=20 > =20 >=20 > Is it possible to LOCK or DEACTIVATE or EXPIRE a USER ( ROLE with LOGIN )= after >=20 > =20 >=20 > 1. A set period of inactivity > 2. 5 Wrong password attempts >=20 > =20 >=20 > I searched through the manals and did not find any mention of such a faci= lity. >=20 > =20 >=20 > If it is not possible at the database level, can this be implemented in a= ny other way? >=20 > =20 >=20 > =20 >=20 > Regards >=20 > =20 >=20 > Ram >=20 >=20 > Freundliche Gr=C3=BC=C3=9Fe >=20 > i. A. Ramachandran Subramanian > Zentralbereich Informationstechnologie > =20 > Alte Leipziger Lebensversicherung a. G. > Hallesche Krankenversicherung a. G. >=20 > =20 >=20 > =20 > ______________________ >=20 > ALH Gruppe > Alte Leipziger-Platz 1, 61440 Oberursel > Tel: +49 (6171) 66-4882 > Fax: +49 (6171) 66-800-4882 > E-Mail: ramachandran.subramanian@alte-leipziger.de > www.alte-leipziger.de https://www.alte-leipziger.de > www.hallesche.de https://www.hallesche.de >=20 > Alte Leipziger Lebensversicherung a. G., Alte Leipziger-Platz 1, 61440 Ob= erursel > Vors. des Aufsichtsrats: Dr. Walter Botermann =C2=B7 Vorstand: Christoph = Bohn (Vors.), Dr. J=C3=BCrgen Bierbaum (stv. Vors.), Frank Kettnaker, Dr. J= ochen Kriegmeier, Alexander Mayer, Wiltrud Pekarek, Udo Wilcsek > Sitz Oberursel (Taunus) =C2=B7 Rechtsform VVaG =C2=B7 Amtsgericht Bad Hom= burg v. d. H. HRB 1583 =C2=B7 USt.-IdNr. DE 114106814 >=20 > Hallesche Krankenversicherung a. G., L=C3=B6ffelstra=C3=9Fe 34-38, 70597 = Stuttgart > Vors. des Aufsichtsrats: Dr. Walter Botermann =C2=B7 Vorstand: Christoph = Bohn (Vors.), Dr. J=C3=BCrgen Bierbaum (stv. Vors.), Frank Kettnaker, Dr. J= ochen Kriegmeier, Alexander Mayer, Wiltrud Pekarek, Udo Wilcsek > Sitz Stuttgart =C2=B7 Rechtsform VVaG =C2=B7 Amtsgericht Stuttgart HRB 26= 86 =C2=B7 USt.-IdNr. DE 147802285 > Beitr=C3=A4ge zu privaten Kranken- und Pflegekrankenversicherungen unterl= iegen nicht der Versicherungsteuer (=C2=A7 4 (1) Nr. 5 b VersStG) =C2=B7 Ve= rsicherungsleistungen sowie Ums=C3=A4tze aus Versicherungsvertreter-/Makler= t=C3=A4tigkeiten sind umsatzsteuerfrei >=20 > Pflichtangaben https://www.alte-leipziger.de/impressum der ALH Gruppe gem= =C3=A4=C3=9F =C2=A7 35a GmbHG bzw. =C2=A7 80 AktG >=20 ------=_Part_661605_1085981797.1758299653479 MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable =20 =20
Ram,
=20
 
=20
For PostgreSQL to implement features outlined below would be re-inventin= g the wheel as much of this feature  functional already exist in Direc= tory Service security systems like Active Directory/LDAP.  Plus there = are lots of good reasons that these types of security features be centrally= located and administered rather than devolved into individual database ins= tances and servers.
=20
 
=20
To get some of the functionality I would point you to to Open LDAP direc= tory service https://en.= wikipedia.org/wiki/OpenLDAP.  PostgreSQL provides client integrati= on with LDAP see https://www.postgresql.org/docs/current/auth-ldap.html
=20
However I will point out the LDAP implementations, integration and admin= istration can be quite complex.
=20
 
=20
-Tim
=20
 
=20
 
=20
=20
On 09/19/2025 1:32 AM PDT Subramanian,Ramachandran <ramachandran.sub= ramanian@alte-leipziger.de> wrote:
=20
 
=20
 
=20
=20

Hello all,

=20

 

=20

 

=20

   Absolute novice in Postgresql, coming from= the Mainframe world.  Kindly forgive my ignorance.

=20

 

=20

Is it possible to LOCK or DEACTIVATE or EXPIRE a USER (= ROLE with LOGIN ) after

=20

 

=20
    =20
  1. A set period of inactivity
    2. =20
  2. 5 Wrong password attempts
    3. =20
=20

 

=20

I searched through the manals and did not find any ment= ion of such a facility.

=20

 

=20

If it is not possible at the database level, can this b= e implemented in any other way?

=20

 

=20

 

=20

Regards

=20

 

=20

Ram

=20
=20
=20

Freundliche Gr=C3=BC=C3=9Fe


=20

i. A. Ramachandran Subramani= an

=20

Zentralbereich Informationstechnologie

=20

 

=20

Alte Leipziger Lebensversicherung a.= G.

=20

Hallesche Krankenversicherung a. G.<= /span>

=20

 

=20

 

=20

______________________

=20

ALH Gruppe
Alte Leipziger-Platz 1, 61440= Oberursel
Tel: +49 (6171) 66-4882
Fax: +49 (6171) 66-800-4882
E-M= ail: ramachandran.subramanian@alte-leipziger.de
www.alte-leipziger.de
www.hallesche.de

=20

Alte Leipziger Lebensversicher= ung a. G., Alte Leipziger-Platz 1, 61440 Oberursel

=20

Vors. des Aufsichtsrats: Dr. W= alter Botermann =C2=B7 Vorstand: Christoph Bohn (Vors.), Dr. J=C3=BCrgen Bi= erbaum (stv. Vors.), Frank Kettnaker, Dr. Jochen Kriegmeier, Alexander Maye= r, Wiltrud Pekarek, Udo Wilcsek

=20

Sitz Oberursel (Taunus) =C2=B7= Rechtsform VVaG =C2=B7 Amtsgericht Bad Homburg v. d. H. HRB 1583 =C2=B7 US= t.-IdNr. DE 114106814

=20
=20

Hallesche Krankenversicherung = a. G., L=C3=B6ffelstra=C3=9Fe 34-38, 70597 Stuttgart

=20

Vors. des Aufsichtsrats: Dr. W= alter Botermann =C2=B7 Vorstand: Christoph Bohn (Vors.), Dr. J=C3=BCrgen Bi= erbaum (stv. Vors.), Frank Kettnaker, Dr. Jochen Kriegmeier, Alexander Maye= r, Wiltrud Pekarek, Udo Wilcsek

=20

Sitz Stuttgart =C2=B7 Rechtsfo= rm VVaG =C2=B7 Amtsgericht Stuttgart HRB 2686 =C2=B7 USt.-IdNr. DE 14780228= 5

=20

Beitr=C3=A4ge zu privaten Kran= ken- und Pflegekrankenversicherungen unterliegen nicht der Versicherungsteu= er (=C2=A7 4 (1) Nr. 5 b VersStG) =C2=B7 Versicherungsleistungen sowie Ums= =C3=A4tze aus Versicherungsvertreter-/Maklert=C3=A4tigkeiten sind umsatzste= uerfrei

=20
=20

Pflichtangaben der ALH Gruppe gem=C3=A4=C3=9F =C2=A7 35a= GmbHG bzw. =C2=A7 80 AktG

=20
------=_Part_661605_1085981797.1758299653479--