Hello, a customer recently mentioned that they'd like to be able to see when a (md5, scram) role had their password last changed.
Use-cases for this would be issueing an initial password and then later making sure it got changed, or auditing that all passwords get changed once a year. You can do that via external authentication methods like ldap/gss-api/pam but in some setups those might not be available to the DBAs. I guess it would amount to adding a column like rolpasswordchanged to pg_authid and updating it when rolpassword changes, but maybe there is a better way? The same was requested in https://dba.stackexchange.com/questions/91252/ how-to-know-when-postgresql-password-is-changed so I was wondering whether this would be a welcome change/addition, or whether people think it's not worth bothering to implement it? Thoughts? Michael -- Michael Banck Projektleiter / Senior Berater Tel.: +49 2166 9901-171 Fax: +49 2166 9901-100 Email: michael.ba...@credativ.de credativ GmbH, HRB Mönchengladbach 12080 USt-ID-Nummer: DE204566209 Trompeterallee 108, 41189 Mönchengladbach Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer Unser Umgang mit personenbezogenen Daten unterliegt folgenden Bestimmungen: https://www.credativ.de/datenschutz
