Request to Enforce the password Strength for PostgreSQL Databases - Mailing list pgsql-general

From Goli, Vijay
Subject Request to Enforce the password Strength for PostgreSQL Databases
Date
Msg-id b08ee2c1b548467799d93527fe623321@USDFW11XG30CN04.mercer.com
Responses Re: Request to Enforce the password Strength for PostgreSQL Databases  (Michael Paquier <michael.paquier@gmail.com>)
List pgsql-general

Hi Team,

In Marsh we have the PostgreSQL Databases 9.5.6 version. As per my review of the PostgreSQL direct site & some of the blogs, I see the default limits are below:

  • minimum 8 characters
  • password cannot contain username
  • it must contain at least 1 letter and at least 1 non-letter

As per our Organization standards, we need to have the below limitations:

  1. Password length should be minimum of 15 characters.
  2. Password should contain at least one digit, one upper and lower case character and one punctuation.
  3. New Password should differ by at least 3 characters.

Can you please help if we can modify the content in “passwordcheck.dll” lib if possible to set the above standards and how? Also, if the current PostgreSQL DB 9.5.6 version does not have this feasibility, are there any future versions which contain these changes?

I see using “cracklib” we can modify the parameters in the “passwordcheck.dll”. Can you please help how we can implement this?

Referenced URLs:

https://www.depesz.com/2009/12/17/waiting-for-8-5-checking-password-strength/

https://www.postgresql.org/docs/current/static/passwordcheck.html

Thanks for your support in advance.

Thanks.

Regards,

Vijay Goli, Shared Services – DBA- North America

Marsh | Global IT & Operations | Global Service Delivery
121 River St, Hoboken, NJ 07030, USA
Phone: +(201)-284-6221 | Mobile: + (201)-595-9779 | vijay.goli@marsh.com

www.marsh.com
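
The three organizational rules listed in the message above, together with the "cannot contain username" default, written out as a stand-alone C check. This is an added example, not part of the original e-mail and not the passwordcheck module's code. The names `policy_violation`, `edit_distance` and `MAX_LEN` are hypothetical, and reading "differ by at least 3 characters" as an edit distance of at least 3 is an assumption.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MIN_LEN  15   /* requirement 1 */
#define MIN_DIFF 3    /* requirement 3 */
#define MAX_LEN  128  /* assumed cap so the distance row fits on the stack */

/* Levenshtein distance; row[] is indexed by b, so strlen(b) must be <= MAX_LEN. */
static size_t edit_distance(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), row[MAX_LEN + 1];
    for (size_t j = 0; j <= lb; j++) row[j] = j;
    for (size_t i = 1; i <= la; i++) {
        size_t diag = row[0];                 /* d[i-1][j-1] */
        row[0] = i;
        for (size_t j = 1; j <= lb; j++) {
            size_t best = diag + (a[i - 1] != b[j - 1]);      /* substitute */
            diag = row[j];
            if (row[j] + 1 < best) best = row[j] + 1;         /* delete */
            if (row[j - 1] + 1 < best) best = row[j - 1] + 1; /* insert */
            row[j] = best;
        }
    }
    return row[lb];
}

/* Returns NULL if new_pw is acceptable, else a description of the broken rule.
 * old_pw may be NULL when the previous cleartext password is not available. */
const char *policy_violation(const char *user, const char *new_pw, const char *old_pw)
{
    size_t len = strlen(new_pw);
    int digit = 0, upper = 0, lower = 0, punct = 0;
    if (len < MIN_LEN) return "shorter than 15 characters";
    if (len > MAX_LEN) return "longer than 128 characters";
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char) new_pw[i];
        digit |= isdigit(c) != 0;
        upper |= isupper(c) != 0;
        lower |= islower(c) != 0;
        punct |= ispunct(c) != 0;
    }
    if (!digit || !upper || !lower || !punct)
        return "needs a digit, upper case, lower case and punctuation";
    if (user && *user && strstr(new_pw, user)) return "contains the user name";
    if (old_pw && edit_distance(old_pw, new_pw) < MIN_DIFF)
        return "differs from the old password by fewer than 3 characters";
    return NULL;
}
```

The difference rule needs the old password in cleartext, so it can only run where the caller supplies it, such as a password-change front end. A check inside the server sees only the new password, and not even that in cleartext when the client sends it already hashed.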

 





