A password profile is a named set of password attributes that allows a DBA to easily manage a group of Postgres roles (or users) that share comparable password requirements. Each profile can be associated with one or more users. When a user connects to the server, the server enforces the profile that is associated with the login role.
Profiles can be used for several important security best practices, including:
- specifying the number of allowable failed login attempts.
- locking an account due to excessive failed login attempts.
- marking a password for expiration.
- defining a grace period after a password expiration.
- defining rules for password complexity.
- defining rules that limit password reuse.
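
The limits listed above, written out as one profile definition. This is an added example, not taken from the original page: it assumes EDB Postgres Advanced Server, whose `CREATE PROFILE` syntax is not available in community PostgreSQL, and the names `app_login_profile`, `app_user` and `verify_password`, as well as every numeric limit, are hypothetical.

```sql
-- Added example. Syntax: EDB Postgres Advanced Server (CREATE PROFILE is not
-- part of community PostgreSQL). All object names and limits are hypothetical.

-- Complexity rule: reject short passwords and ones that contain the old password.
CREATE OR REPLACE FUNCTION verify_password(user_name varchar2,
    new_password varchar2, old_password varchar2)
RETURN boolean IMMUTABLE
IS
BEGIN
    IF length(new_password) < 12 THEN
        raise_application_error(-20001, 'password must be at least 12 characters');
    END IF;
    IF old_password IS NOT NULL
       AND position(old_password IN new_password) > 0 THEN
        raise_application_error(-20002, 'password must not contain the old password');
    END IF;
    RETURN true;
END;

-- The verify function must be owned by a database superuser
-- (assumed here to be the default "enterprisedb" account).
ALTER FUNCTION verify_password(varchar2, varchar2, varchar2) OWNER TO enterprisedb;

CREATE PROFILE app_login_profile LIMIT
    FAILED_LOGIN_ATTEMPTS    5      -- allowable failed logins before lockout
    PASSWORD_LOCK_TIME       1      -- days the account stays locked
    PASSWORD_LIFE_TIME       90     -- days until the password expires
    PASSWORD_GRACE_TIME      7      -- days of grace after expiration
    PASSWORD_REUSE_TIME      365    -- days before an old password may be reused
    PASSWORD_REUSE_MAX       5      -- password changes required before reuse
    PASSWORD_VERIFY_FUNCTION verify_password;

-- Associate the profile with a login role; it is enforced at connect time.
ALTER ROLE app_user PROFILE app_login_profile;

-- Check: confirm the limits the server will enforce for this profile.
SELECT * FROM dba_profiles WHERE upper(profile) = 'APP_LOGIN_PROFILE';
```

Time-based limits are expressed in days. A role that is never given a profile is not covered by these limits, so the `ALTER ROLE ... PROFILE` step has to be repeated for every login role that should be.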