Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uzdSE-005hsO-Nr for pgsql-novice@arkaria.postgresql.org; Fri, 19 Sep 2025 15:55:22 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1uzdSD-008CpK-AM for pgsql-novice@arkaria.postgresql.org; Fri, 19 Sep 2025 15:55:21 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uzdSD-008CpC-0q for pgsql-novice@lists.postgresql.org; Fri, 19 Sep 2025 15:55:21 +0000 Received: from mail-wm1-x32e.google.com ([2a00:1450:4864:20::32e]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1uzdS8-001j0U-3D for pgsql-novice@lists.postgresql.org; Fri, 19 Sep 2025 15:55:20 +0000 Received: by mail-wm1-x32e.google.com with SMTP id 5b1f17b1804b1-468973c184bso4718385e9.3 for ; Fri, 19 Sep 2025 08:55:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybertec.at; s=google; t=1758297317; x=1758902117; darn=lists.postgresql.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:from:to:cc:subject:date :message-id:reply-to; bh=VM+meetErfpt+b1aZaZW8sEQxVd6IIIjkrzEvLu8XmE=; b=mtpIH2XAscvX2IPbw75b3s/HuzqDaatAj3by0MgRqoBqGIFBh6+9ErCZqUdksSTX9n XRl5VcN6yz/yLh4O9C7dw6MheBVjbHU2eNvkBIR1TMtS5bBn9UfN/MgHTxPPMQ9J4+qv PmfWm+ZopNBPpAJxpji83rMuEpELOWoBOnmWfj6+axQjrZd4hMVBGx+SdIKuXl1H3Uxi 7Qh/NPwFnTZMLszvmtSGbG7BNlfOwSNvzOHX4lM47KhIG2potc+L4qZQPSZV9B5EwtqC pezTFIdW8H1T4hLDfZjtx0eUSWUAPgSUEq3YUa5wcOnZRIpFbHdJJOHTeSx98uXaUor7 R4MQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758297317; x=1758902117; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=VM+meetErfpt+b1aZaZW8sEQxVd6IIIjkrzEvLu8XmE=; b=iaXrsViuQ1KuNWVqCwdia6wnRWCcZGX65JnrpZJI2gEBoGEuwXOh2knx1gBzq0QRvX BzzFM9XDbc9C5TUaARIBprT4dR+Piju/CEf1R5Ey3u6AFceZFRkv9uaQHo7rc/BXHcax ayz3Obt2thIEGkVVBIgLhcsaCvSui1s+q1wNnF7VA7OeeHP/Fro+VUTYt3i+tKeQBH4a tejKZCPI9N9aUpuqxERUOoLiEJ0LAHbiSItckhW3SXsj8GFpr1BCLxLqdyU2M5rIqoc/ x4qlLTFjmGeNJp+YkXygyMIB3nQg+L0/Qm5jrPOA5DFJQj3qj7SrKRG89WIYCwPwh1ZD 1yMg== X-Forwarded-Encrypted: i=1; AJvYcCXl9FSsSQEEHqRlESmHL/BxZpYknGKiOMa0y3Aqw4Y3FObC0MP/WcJ7RLIP6s235WrecJ/VXZWo9amlySs=@lists.postgresql.org X-Gm-Message-State: AOJu0Yw8nHZto60PnNsJCsxlaGMUdqWDu28CcHDkbdwWtFv+lQCU9w1+ Hkxj1MJwQ4YQc2C5rIZrGtCWpHghi47GL4/5HcEumbPi9LyC/4M7+1wLiaA0Czy4AFFjHvJZ8pI frTGU X-Gm-Gg: ASbGncvniQ2XRD89+L6IXGlufCuz0PIZOFUfIOGXSOZzxwQrIWpTX8UJLMeo32r7bq7 uS6BHb4XZCY5DSRB1zeXO1ImfloTCl3KKPyE5Xy0Y5134N0BeObCeU5JK7t0MEZruXkpZ8oCoed 66T3vgHq8Wb72YLU7zNTTLNT+V2U1pzwEJozftEW9u2r/I3Ag/5/hjOhmDPOKpCW57qxzwwEu7W W4RYR/Wm287fpD36afnL0/GBgGNyh+D4RaQT0j/p5jECBvRHQnVqgrM1OXAX2mRP5LaRLOUM31z TQyiujWgQaT42csn56GiN2aaIUTmt8P55paP6xWsVh6+F22Ti55ZnZINSAzloADmGa/tvMk21oT rdKANuaKilFxRQw4+kfRBvfVyoE20fl4p4Dgg9Q4yCmz8j9agZmVvuw== X-Google-Smtp-Source: AGHT+IEkeslJNGviElszwY+U4p+xiNkiXBESZae67dpBSTAjkaQVgnWS8q+aNUN1JXl27hRWLJp4Gg== X-Received: by 2002:a05:600c:45d2:b0:45b:7d77:b592 with SMTP id 5b1f17b1804b1-467e6f36218mr38075835e9.12.1758297317174; Fri, 19 Sep 2025 08:55:17 -0700 (PDT) Received: from laurenz.albe-K4N0CV00F97414D ([2001:871:255:4fc6:3de:a533:6c37:95fe]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-45f32181a47sm88696615e9.1.2025.09.19.08.55.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Sep 2025 08:55:16 -0700 (PDT) Message-ID: <9886a78311a66418e5ebd5c2a42bf14987d7147a.camel@cybertec.at> Subject: Re: Can we lock or expire a ROLE / USER From: Laurenz Albe To: "Subramanian,Ramachandran" , "pgsql-novice@lists.postgresql.org" Date: Fri, 19 Sep 2025 17:55:16 +0200 In-Reply-To: <04421b66a0c74a97b8378b5dd99caced@alte-leipziger.de> References: <04421b66a0c74a97b8378b5dd99caced@alte-leipziger.de> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.56.2 (3.56.2-2.fc42) MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, 2025-09-19 at 08:32 +0000, Subramanian,Ramachandran wrote: > =C2=A0=C2=A0 Absolute novice in Postgresql, coming from the Mainframe wor= ld.=C2=A0 Kindly forgive my ignorance. > =C2=A0 > Is it possible to LOCK or DEACTIVATE or EXPIRE a USER ( ROLE with LOGIN )= after > =C2=A0 > =C2=A0=C2=A0=C2=A01. A set period of inactivity > =C2=A0=C2=A0=C2=A02. 5 Wrong password attempts > =C2=A0 > I searched through the manals and did not find any mention of such a faci= lity. PostgreSQL doesn't offer support for these functionalities. It also does not allow you to enforce password complexity rules. > If it is not possible at the database level, can this be implemented in a= ny other way? The way to do that is to authenticat database users using a central identit= y management system like Kerberos. See the documentation for a list of suppo= rted authentication methods: https://www.postgresql.org/docs/current/client-authentication.html Yours, Laurenz Albe