The EDB Blog
April 9, 2019

How to Manage a Password: Life Time, Grace Time, and Rules

In Part 1, I have explained how FAILED_LOGIN_ATTEMPTS and PASSWORD_LOCK_TIME can be used to record user logins. In this post, I will explain how to manage a password including its life time, grace time along with enforcing certain rules on the password phrase.


PASSWORD_LIFE_TIME specifies the number of days that the current password is valid and usable. After this period, the password expires and the user needs to change their password. PASSWORD_GRACE_TIME specifies the number of days an old password can still be used (after the period specified by PASSWORD_LIFE_TIME elapses) to log on to the system. Post this period, the user can only log on to the system but won’t be able to execute any query other than the one which changes his/her own password. Note that when a password is within the grace period, a warning will be issued at every user login.

Let's demonstrate this by altering our profile's PASSWORD_LIFE_TIME to seven days and PASSWORD_GRACE_TIME to one day. This means, once a new password is created it will remain valid for seven days plus a one-day grace period.

>>Continue reading Managing Roles with Password Profiles (Part 2) on Postgres Rocks.


Every #TechTuesday, EnterpriseDB shares a how-to post authored by a Postgres contributor and expert for Postgres Gems, the PostgresRocks community forum. PostgresRocks is a community to discuss all things Postgres. Join us at PostgresRocks and be part of the conversation.'s picture

Technical Architect, EnterpriseDB