diff -r -c -N postgresql-8.5.orig/src/backend/commands/user.c postgresql-8.5/src/backend/commands/user.c
*** postgresql-8.5.orig/src/backend/commands/user.c	2009-09-30 15:10:36.000000000 +0200
--- postgresql-8.5/src/backend/commands/user.c	2009-10-01 14:42:03.000000000 +0200
***************
*** 33,38 ****
--- 33,41 ----
  #include "utils/tqual.h"
  
  
+ /* Hook for plugins to check passwords in CreateRole() and AlterRole() */
+ PGDLLIMPORT check_password_hook_type check_password_hook = NULL;
+ 
  extern bool Password_encryption;
  
  static List *roleNamesToIds(List *memberNames);
***************
*** 297,302 ****
--- 300,316 ----
  						stmt->role)));
  
  	/*
+ 	 * Call the password checking function if there is one defined
+ 	 */
+ 	if (check_password_hook)
+ 	{
+ 		if (! (*check_password_hook)(stmt->role, password))
+ 			ereport(ERROR,
+ 					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ 					 errmsg("password rejected as insecure")));
+ 	}
+ 
+ 	/*
  	 * Build a tuple to insert
  	 */
  	MemSet(new_record, 0, sizeof(new_record));
***************
*** 588,593 ****
--- 602,618 ----
  	}
  
  	/*
+ 	 * Call the password checking function if there is one defined
+ 	 */
+ 	if (check_password_hook)
+ 	{
+ 		if (! (*check_password_hook)(stmt->role, password))
+ 			ereport(ERROR,
+ 					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ 					 errmsg("password rejected as insecure")));
+ 	}
+ 
+ 	/*
  	 * Build an updated tuple, perusing the information just obtained
  	 */
  	MemSet(new_record, 0, sizeof(new_record));
diff -r -c -N postgresql-8.5.orig/src/include/commands/user.h postgresql-8.5/src/include/commands/user.h
*** postgresql-8.5.orig/src/include/commands/user.h	2009-09-30 15:10:41.000000000 +0200
--- postgresql-8.5/src/include/commands/user.h	2009-10-01 14:42:03.000000000 +0200
***************
*** 13,18 ****
--- 13,21 ----
  
  #include "nodes/parsenodes.h"
  
+ /* Hook for plugins to check passwords in CreateRole() and AlterRole() */
+ typedef int(*check_password_hook_type)(char * const username, char * const password);
+ extern PGDLLIMPORT check_password_hook_type check_password_hook;
  
  extern void CreateRole(CreateRoleStmt *stmt);
  extern void AlterRole(AlterRoleStmt *stmt);