> On 25 Aug 2020, at 12:20, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>
> A user tried to use the cracklib build-time option of the passwordcheck module. This failed, as it turned out
becausethere was no dictionary installed in the right place, but the error was not properly reported, because the
existingcode just throws away the error message from cracklib. Attached is a patch that changes this by logging any
errormessage returned from the cracklib call.
+1 on this, it's also in line with the example documentation from cracklib.
The returned error is potentially a bit misleading now, as it might say claim
that a strong password is easily cracked if the dictionary fails load. Given
that there is no way to distinguish between the class of returned errors it's
hard to see how we can do better though.
While poking at this, we might as well update the docs to point to the right
URL for CrackLib as it moved from Sourceforge five years ago. The attached
diff fixes that.
cheers ./daniel
