I'm running a Aurora postgres DB server, and I want to set the password expiration policy so that an user can change his password and it will be expired after 1 month.
I know that I can create an user with password expiration date such as below.
DO
$do$
BEGIN
EXECUTE format($$CREATE USER myuser WITH PASSWORD 'password12345678' VALID UNTIL %L$$, NOW() + interval '1 month');
END
$do$;
However, I don't want to force my users to input VALID UNTIL by themselves, because I don't want to give such controls to my user. I want to guarantee that my users can change password but they should change within a fixed duration.
As an admin, I will create a db user only once. After that, each user uses the db user but they change their passwords whenever a certain period of time passes.
In short, I'm looking for something in postgres that can play the same role as mysql's default_password_lifetime.
Is it possible? How can I achieve this??
There is no way to set a password life time in PostgreSQL. Also, you cannot enforce password complexity rules. If you need any of that, use an authentication method that does not use passwords in the database, but some central identity management solution that can enforce your requirements.