postgresql_passchanger_func.../README.md

52 lines
1.6 KiB
Markdown
Raw Normal View History

2022-01-20 09:39:45 +00:00
# PostgreSQL expiration date management functions
## Description
This project tries to find a way to allow users the management of the `VALID UNTIL` expiration clause by themself.
All without granting `super` permissions and having a histoc of changes on a _pseudo-audit_ table
2022-05-09 15:56:08 +00:00
| :warning: WARNING |
|:---------------------------|
| Amazon RDS has its own instructions on README_RDS.md |
|:---------------------------|
| :warning: WARNING |
2022-01-20 09:39:45 +00:00
## Instructions
### First deploy
Deploy `passchanger.sql` on the desired cluster/database.
It will:
* create a `dba` schema
* create a `dba` role
2022-01-20 09:42:01 +00:00
* create the `pwdhistory` table for audit purpouses
2022-01-20 09:39:45 +00:00
* Grant the minimum permissions for this new role so the whole thing works
* Create the 2 needed functions and grant permissions on them to `dba`
### Allowing users to use that functions
Take the file `grants_to_grant.sql` and modify the username _dodger_ so it match the username that should have the permissions.
Execute the grants on the cluster/database you have deployed `passchanger.sql`
2022-01-20 09:42:01 +00:00
### Changing password & extending expiration date
2022-01-20 09:39:45 +00:00
2022-01-20 09:51:59 +00:00
The user should just execute:
```
select dba.change_my_password('YOUR_NEW_GENERATED_PASSWORD_NOT_THIS_ONE') ;
```
2022-01-04 17:28:26 +00:00
2022-05-06 07:23:48 +00:00
## Helper script
2022-01-04 17:47:12 +00:00
2022-05-06 07:23:48 +00:00
I've generated a helper script to make the process easier for users:
```
dodger@ciberterminal.net $ bash password_creator.sh
-- CHECK: password check
-- <Wl}TxqRPBQaV_N<rU#A
-- /CHECK: password check
-- ##############################################
select dba.change_my_password('<Wl}TxqRPBQaV_N<rU#A') ;
-- ##############################################
```