On 1 September 2010 09:54, Machiel Richards <machielr@rdc.co.za> wrote:
> Good day all....
>
> I hope that someone can help me out with this one question quickly....
>
> I am busy setting up a security compliance report for one of our
> clients and one of the things to check is the following:
>
> - Check that no password is equal to the user name or some "initial standard
> password" that your company uses.
>
> Can someone perhaps assist me on how to check this?
>
>
> I would really appreciate help on this as this is the only method I have
> not figured out yet.
You can find out if this rule is already violated by running:
SELECT usename
FROM pg_shadow
WHERE passwd = 'md5' || md5(usename)
OR passwd = 'md5' || md5('company_password');
I don't think password checks are available until 9.0.
--
Thom Brown
Twitter: @darkixion
IRC (freenode): dark_ixion
Registered Linux user: #516935
