Re: Maximum password length

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: "Bossart, Nathan" <bossartn@amazon.com>
Cc: Isaac Morland <isaac.morland@gmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2018-10-12T21:23:38Z
Lists: pgsql-hackers
Greetings,

* Bossart, Nathan (bossartn@amazon.com) wrote:
> On 10/12/18, 4:04 PM, "Isaac Morland" <isaac.morland@gmail.com> wrote:
> > I agree there should be a specific limit that is the same in libpq,
> > on the server, and in the protocol. Maybe 128 characters, to get a
> > nice round number? This is still way longer than the 32-byte SHA 256
> > hash. Or 64, which is still plenty but doesn't involve extending the
> > current character buffer size to a longer value while still hugely
> > exceeding the amount of information in the hash.
> 
> My main motivation for suggesting the increase to 8k is to provide
> flexibility for alternative authentication methods like LDAP, RADIUS,
> PAM, and BSD.

Specific use-cases here would be better than hand-waving at "these other
things."  Last I checked, all of those work with what we've got today
and I don't recall hearing complaints about them not working due to this
limit.

Thanks!

Stephen

Commits

  1. Remove arbitrary restrictions on password length.

  2. Remove support for password_encryption='off' / 'plain'.