Re: Maximum password length - Mailing list pgsql-hackers

From Bossart, Nathan
Subject Re: Maximum password length
Date
Msg-id 9E742FB1-6679-4ECD-B504-2DD99EC23928@amazon.com
Whole thread Raw
In response to Re: Maximum password length  (Isaac Morland <isaac.morland@gmail.com>)
Responses Re: Maximum password length
List pgsql-hackers
Hi Isaac,

On 10/12/18, 4:04 PM, "Isaac Morland" <isaac.morland@gmail.com> wrote:
> I agree there should be a specific limit that is the same in libpq,
> on the server, and in the protocol. Maybe 128 characters, to get a
> nice round number? This is still way longer than the 32-byte SHA 256
> hash. Or 64, which is still plenty but doesn't involve extending the
> current character buffer size to a longer value while still hugely
> exceeding the amount of information in the hash.

My main motivation for suggesting the increase to 8k is to provide
flexibility for alternative authentication methods like LDAP, RADIUS,
PAM, and BSD.

Nathan


pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: Maximum password length
Next
From: Stephen Frost
Date:
Subject: Re: Maximum password length