On Fri, Oct 6, 2023 at 01:20:03PM -0700, Jeff Davis wrote:
> The basic problem, as I see it, is: how do we keep users from
> accidentally dropping the wrong password? Generated unique names or
I thought we could auto-remove old password if the valid-until date is
in the past. You would need a separate ALTER command to sets its date
in the past without that. Also, defining a new password could require
setting the expiration date of the old password to make future additions
easier.
For pg_authid, I was thinking of columns:
ADD rolpassword_old
ADD rolvaliduntil_old
EXISTS rolpassword
EXISTS rolvaliduntil
I did blog about the password rotation problem and suggested
certificates:
https://momjian.us/main/blogs/pgblog/2020.html#July_17_2020
--
Bruce Momjian <br...@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Only you can decide what is important to you.
