Re: passwordcheck: Log cracklib diagnostics - Mailing list pgsql-hackers

From Laurenz Albe
Subject Re: passwordcheck: Log cracklib diagnostics
Date
Msg-id 48637f956e427fb34bc6ecd7a51872ab9683318f.camel@cybertec.at
Whole thread Raw
In response to Re: passwordcheck: Log cracklib diagnostics  (Daniel Gustafsson <daniel@yesql.se>)
Responses Re: passwordcheck: Log cracklib diagnostics
List pgsql-hackers
On Tue, 2020-08-25 at 13:48 +0200, Daniel Gustafsson wrote:
> > On 25 Aug 2020, at 12:20, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
> > 
> > A user tried to use the cracklib build-time option of the passwordcheck module.  This failed, as it turned out
becausethere was no dictionary installed in the right place, but the error was not
 
> > properly reported, because the existing code just throws away the error message from cracklib.  Attached is a patch
thatchanges this by logging any error message returned from the cracklib call.
 
> 
> +1 on this, it's also in line with the example documentation from cracklib.
> The returned error is potentially a bit misleading now, as it might say claim
> that a strong password is easily cracked if the dictionary fails load.  Given
> that there is no way to distinguish between the class of returned errors it's
> hard to see how we can do better though.
> 
> While poking at this, we might as well update the docs to point to the right
> URL for CrackLib as it moved from Sourceforge five years ago.  The attached
> diff fixes that.

+1 on both patches.

Yours,
Laurenz Albe




pgsql-hackers by date:

Previous
From: Heikki Linnakangas
Date:
Subject: Re: Refactor pg_rewind code and make it work against a standby
Next
From: Daniel Gustafsson
Date:
Subject: Move OpenSSL random under USE_OPENSSL_RANDOM