On Sun, Oct 8, 2023 at 10:50:15AM -0700, Gurjeet Singh wrote: > On Sun, Oct 8, 2023 at 10:29 AM Bruce Momjian <br...@momjian.us> wrote: > > > > I was speaking of autoremoving in cases where we are creating a new one, > > and taking the previous new one and making it the old one, if that was > > not clear. > > Yes, I think I understood it differently. I understood it to mean that > this behaviour would apply to all passwords, those created by existing > commands, as well as to those created by new commands for rollover use > case. Whereas you meant this autoremove behaviour to apply only to > those passwords created by/for rollover related commands. I hope I've > understood your proposal correctly this time around :-)
Yes, it is only during the addition of a new password when the previous new password becomes the new old password. The previous old password would need to have an rolvaliduntil in the past. > I believe the passwords created by rollover feature should > behave by the same rules as the rules for passwords created by > existing CREATE/ALTER ROLE commands. If we implement the behaviour to > delete expired passwords, then I believe that behaviour should apply > to all passwords, irrespective of which command/feature was used to > create a password. This would only apply when we are moving the previous new password to old and the old one is removed. -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.
