Documentation - V-233613

Title

PostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.

Description

<VulnDiscussion>This addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i.e., network disconnect). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can be terminated (and thus terminate user access) without terminating network sessions. Ses...

Fix Text (Documentation Requirement)

Configure PostgreSQL to automatically terminate a user session after organization-defined conditions or trigger events requiring session termination. Examples follow. ### Change a role to nologin and disconnect the user ALTER ROLE '<username>' NOLOGIN; SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename='<usename>'; ### Disconnecting users during a specific time range See supplementary content APPENDIX-A for a bash script for this example. The script found in APPENDIX-A using the -l command can disable all users with rolcanlogin=t from logging in. The script keeps track of who it disables in a .restore_login file. After the specified time is over, the same script can be run with the -r command to restore all login connections. This script would be added to a cron job...