Password aging

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Password aging

Heckler, Kim M

All,

 

Is there an extension that provides password aging functionality?  i.e.  requires uses to change password after X number of days from last password change.

 

Thank you.

 

Nationwide is on your side.

Kim M. Heckler

Consultant, Infrastructure Eng

Proud Nationwide Member

Distributed Database Services

W 614-249-3014

C 740-816-0908

[hidden email]

FORTUNE® and Time Inc. are not affiliated with, and do not endorse the products or services of, Nationwide Mutual Insurance Company.

 

 

 

 

Reply | Threaded
Open this post in threaded view
|

Re: Password aging

Andrej Ricnik-Bay
I'm not aware of any such extension; but similar questions were asked in the past, and the common (and IMHO sensible) response is to tie postgres authentication into an external authentication provider, e.g. LDAP 

Kind regards,
Andrej

On Thu, 6 Feb 2020 at 08:39, Heckler, Kim M <[hidden email]> wrote:

All,

 

Is there an extension that provides password aging functionality?  i.e.  requires uses to change password after X number of days from last password change.

 

Thank you.

 

Nationwide is on your side.

Kim M. Heckler

Consultant, Infrastructure Eng

Proud Nationwide Member

Distributed Database Services

W 614-249-3014

C 740-816-0908

[hidden email]

FORTUNE® and Time Inc. are not affiliated with, and do not endorse the products or services of, Nationwide Mutual Insurance Company.

 

 

 

 



--
Please don't top post, and don't use HTML e-Mail :}  Make your quotes concise.

http://www.georgedillon.com/web/html_email_is_evil.shtml
http://www.catb.org/jargon/html/email-style.html
Reply | Threaded
Open this post in threaded view
|

Re: Password aging

Stephen Frost
Greetings,

* Andrej ([hidden email]) wrote:
> I'm not aware of any such extension; but similar questions were asked in
> the past, and the common (and IMHO sensible) response is to tie postgres
> authentication into an external authentication provider, e.g. LDAP

I agree with the idea of tying PG to an external authentication
provider, but I strongly recommend to use GSSAPI and *not* LDAP, as LDAP
based auth is insecure and not needed when you're running an Active
Directory environment (which is a very common use-case that people
have in many places).

Thanks,

Stephen

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Password aging

Gavin Flower-2
In reply to this post by Heckler, Kim M
On 06/02/2020 08:38, Heckler, Kim M wrote:

>
> All,
>
> Is there an extension that provides password aging functionality? 
> i.e.  requires uses to change password after X number of days from
> last password change.
>
> Thank you.
>
> Nationwide is on your side.
>
>
>
> *Kim M. Heckler*
>
> Consultant, Infrastructure Eng
>
> Proud Nationwide Member
>
> Distributed Database Services
>
> W 614-249-3014
>
> C 740-816-0908
>
> [hidden email]
>
> /FORTUNE® and Time Inc. are not affiliated with, and do not endorse
> the products or services of, Nationwide Mutual Insurance Company./
>
>
>
I would strongly recommend not using password aging, as it encourages
weak passwords -  comon is a base password and a number which is
incremented.

Suggest longer passwords that include special characters and don't end
in a number, so they are more difficult to crack.

My 16 character passwords look like:

Y3%oT+]tTrt9G5x:

Generated by program I wrote.


Cheers,
Gavin