Go to file
2022-05-09 17:56:08 +02:00
grants_to_grant_rds.sql bugfixes 2022-05-09 17:56:08 +02:00
grants_to_grant.sql working for rds 2022-05-06 17:52:04 +02:00
passchanger_rds.sql bugfixes 2022-05-09 17:56:08 +02:00
passchanger.sql bugfixes 2022-05-09 17:56:08 +02:00
password_creator.sh Added password creator helper script 2022-05-06 09:19:52 +02:00
README.md bugfixes 2022-05-09 17:56:08 +02:00

PostgreSQL expiration date management functions

Description

This project tries to find a way to allow users the management of the VALID UNTIL expiration clause by themself. All without granting super permissions and having a histoc of changes on a pseudo-audit table

⚠️ WARNING
Amazon RDS has its own instructions on README_RDS.md
:---------------------------
⚠️ WARNING

Instructions

First deploy

Deploy passchanger.sql on the desired cluster/database.

It will:

  • create a dba schema
  • create a dba role
  • create the pwdhistory table for audit purpouses
  • Grant the minimum permissions for this new role so the whole thing works
  • Create the 2 needed functions and grant permissions on them to dba

Allowing users to use that functions

Take the file grants_to_grant.sql and modify the username dodger so it match the username that should have the permissions. Execute the grants on the cluster/database you have deployed passchanger.sql

Changing password & extending expiration date

The user should just execute:

select dba.change_my_password('YOUR_NEW_GENERATED_PASSWORD_NOT_THIS_ONE') ;

Helper script

I've generated a helper script to make the process easier for users:

dodger@ciberterminal.net $ bash password_creator.sh 
-- CHECK: password check
-- <Wl}TxqRPBQaV_N<rU#A 
-- /CHECK: password check

-- ##############################################
select dba.change_my_password('<Wl}TxqRPBQaV_N<rU#A') ;
-- ##############################################