public/postgresql_passchanger_function
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
12 Commits 1 Branch 0 Tags 118 KiB
PLpgSQL 72.9%
Shell 27.1%
bea07c5ab7
Go to file
dodger bea07c5ab7
changed pwdhistory table 
added additional fields for more infomation
2022-01-21 17:38:48 +01:00
grants_to_grant.sql grant on change_valid_until 2022-01-05 13:13:27 +01:00
passchanger.sql changed pwdhistory table 2022-01-21 17:38:48 +01:00
README.md chande README, more+ 2022-01-20 10:51:59 +01:00

README.md

PostgreSQL expiration date management functions

Description

This project tries to find a way to allow users the management of the VALID UNTIL expiration clause by themself. All without granting super permissions and having a histoc of changes on a pseudo-audit table

Instructions

First deploy

Deploy passchanger.sql on the desired cluster/database.

It will:

  • create a dba schema
  • create a dba role
  • create the pwdhistory table for audit purpouses
  • Grant the minimum permissions for this new role so the whole thing works
  • Create the 2 needed functions and grant permissions on them to dba

Allowing users to use that functions

Take the file grants_to_grant.sql and modify the username dodger so it match the username that should have the permissions. Execute the grants on the cluster/database you have deployed passchanger.sql

Changing password & extending expiration date

The user should just execute:

select dba.change_my_password('YOUR_NEW_GENERATED_PASSWORD_NOT_THIS_ONE') ;