1

I have to lock users who don t work in the previous three months. I'm very newbie! I looked at the documentation and I do nt think I can do this by configuration. (Is it true?) So I have to develop a daily procedure ( with pgagent?) ,make a query and then lock users but I cant find a system table that has this information. Could you help me? Thanks a lot Gian

Gian Piero
  • 75
  • 1
  • 12

1 Answers1

1

That is correct, the time of the last login is not recorded in the database, only in the log file (if logging is suitably configured).

I think you won't be able to implement this without the aid of the application that uses PostgreSQL. I can think of two possibilities:

  • Create a table where your application records the last login time. Your periodic job can then use that table to decide if it should lock a user.

  • Create a function like this:

    CREATE OR REPLACE FUNCTION expire_me() RETURNS void
   LANGUAGE plpgsql SECURITY DEFINER
   SET search_path = 'pg_catalog' AS
$$BEGIN
   EXECUTE 'ALTER ROLE ' || session_user || ' VALID UNTIL ''' ||
           (current_timestamp + INTERVAL '3 months') || '''';
END;$$;

    The application then calls the function immediately after a user logs in. If the next login is more than three months later, the user will be locked.

Unfortunately there is no such thing as a “login trigger” is PostgreSQL, that would make this much simpler.

Laurenz Albe
  • 209,280
  • 17
  • 206
  • 263
  • thanks Laurenz but I should do this for the security of the database regardless of the applications... perhaps I can make authenticate users with something like PAM (... but I dont know it's a win machine).. Cheers Gian – Gian Piero Jan 27 '17 at 10:23
  • You are right; in that case a solution outside the database is preferrable. – Laurenz Albe Jan 27 '17 at 10:27
  • mmm...PAM I think is not available on win ... Does anyone have experience of authentication systems on windows that can be configured with rules like that?? – Gian Piero Jan 31 '17 at 13:26