Re: Password policy - Mailing list pgsql-hackers

From D'Arcy J.M. Cain
Subject Re: Password policy
Date
Msg-id 20080116103921.783af659.darcy@druid.net
Whole thread Raw
In response to Re: Password policy  (Andrew Dunstan <andrew@dunslane.net>)
List pgsql-hackers
On Wed, 16 Jan 2008 08:32:12 -0500
Andrew Dunstan <andrew@dunslane.net> wrote:
> >> I need to set a basic password policy for accounts but I don't see any
> > Look at my chkpass type in contrib.  There is a function to verify the
> > password.  It is just a placeholder now but you can modify it to do all
> > your checking.
> 
> I assumed he was asking about Postgres level passwords rather than 
> passwords maintained by an application. chkpass is only for the latter.

Could be.  I saw "accounts" and thought Unix shell or ISP accounts.

> ( Slightly OT - chkpass uses crypt(). Maybe that should be upgraded to 
> use md5 or some more modern hashing function. )

Yes, I have said many times that other encryption types could easily be
dropped in. It could even be changed to handle either as long as there
was some way to set the default.  However, these things haven't yet
been a requirement for me so I have not bothered yet.

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.


pgsql-hackers by date:

Previous
From: Kenneth Marshall
Date:
Subject: Re: WAL logging of hash indexes
Next
From: "Florian G. Pflug"
Date:
Subject: Re: Transaction Snapshot Cloning