Thursday, May 9, 2019

How to unlock users with expired password in postgreSQL


select now()+'90 days' as expiry;
 expiry
-------------------------------
 2019-08-07 10:07:01.172082+02
\gset
alter user jim valid until :'expiry';
ALTER ROLE

The command "\gset" sends the current query buffer to the server and stores the query's output into a psql variable.

After the change, use \du to verify that the password has the correct expiry time:
mydb01=# \du
                                            List of roles
     Role name     |                         Attributes                         |      Member of
-------------------+------------------------------------------------------------+---------------------
 postgres          | Superuser, Create role, Create DB, Replication, Bypass RLS+| {}
                   | Password valid until 2019-01-16 00:00:00+01                |
 superuser         | Superuser                                                 +| {}
                   | Password valid until 2019-08-04 00:00:00+02                |
 jim               | Password valid until 2019-08-07 10:07:03.237862+02         | {}

Use the "\list" command to list databases and access privileges, if desirable:
mydb01=# \list
                                    List of databases
   Name    |  Owner   | Encoding |  Collate   |   Ctype    |      Access privileges
-----------+----------+----------+------------+------------+------------------------------
 postgres  | postgres | UTF8     | en_US.utf8 | en_US.utf8 |
 template0 | postgres | UTF8     | en_US.utf8 | en_US.utf8 | =c/postgres                 +
           |          |          |            |            | postgres=CTc/postgres
 template1 | postgres | UTF8     | en_US.utf8 | en_US.utf8 | =c/postgres                 +
           |          |          |            |            | postgres=CTc/postgres
 mydb01    | jim      | UTF8     | en_US.utf8 | en_US.utf8 | =Tc/jim                     +
           |          |          |            |            | jim=CTc/jim                 +

To give the user a new password, use this syntax:
alter role jim password 'mynewpassword';

Consult the documentation for more information

No comments:

Post a Comment