On Sat, May 8, 2021 at 05:44:52AM +0200, Laurenz Albe wrote: > On Fri, 2021-05-07 at 15:47 -0500, Vipin Madhusoodanan wrote: > > Can someone help with suggestions or ideas for a workaround to achieve this? > > > > > > > > Please advise on the possibilities to retrieve “last password change date” for a PostgreSQL user account. > > > > > > We have an audit requirement to identify the password change details for local PostgreSQL user accounts. > > You cannot do that unless you want to modify PostgreSQL. > > For requirements like this, the recommendation is *not* to use passwords > in the database for authentication. Use one of the other authentication > methods that uses an external authority. > > Identity management systems specialize in that kind of thing, and you may > be able to get that information from there. Here is a blog entry about using cerrificate authenticaiton and rotating them: https://momjian.us/main/blogs/pgblog/2020.html#July_17_2020 The certificates must have expiration dates. -- Bruce Momjian <bruce@xxxxxxxxxx> https://momjian.us EDB https://enterprisedb.com If only the physical world exists, free will is an illusion.
