v.24.11New Feature

Allow Authentication Methods to Have Individual Expiration Dates

Published: November 25, 2025

Allow each authentication method to have its own expiration date, remove from user entity. #70090 (Arthur Passos).

Allow each authentication method to have its own expiration date, removing expiration from the user entity.

Why it matters

This feature improves security and flexibility in ClickHouse authentication by enabling individual expiration dates for each authentication method rather than a single expiration date at the user level. This allows finer control over credential validity and simplifies credential management for users.

How to use it

Users can set expiration dates on each authentication method separately in the user configuration files or through appropriate SQL statements managing authentication settings. The global expiration field on the user entity is removed, so expiration is managed per authentication method.

Related resources

Pull Request #70090