Re: passwordcheck: Log cracklib diagnostics
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Daniel Gustafsson <daniel@yesql.se>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2020-08-25T13:32:18Z
Lists: pgsql-hackers
On Tue, 2020-08-25 at 13:48 +0200, Daniel Gustafsson wrote: > > On 25 Aug 2020, at 12:20, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote: > > > > A user tried to use the cracklib build-time option of the passwordcheck module. This failed, as it turned out because there was no dictionary installed in the right place, but the error was not > > properly reported, because the existing code just throws away the error message from cracklib. Attached is a patch that changes this by logging any error message returned from the cracklib call. > > +1 on this, it's also in line with the example documentation from cracklib. > The returned error is potentially a bit misleading now, as it might say claim > that a strong password is easily cracked if the dictionary fails load. Given > that there is no way to distinguish between the class of returned errors it's > hard to see how we can do better though. > > While poking at this, we might as well update the docs to point to the right > URL for CrackLib as it moved from Sourceforge five years ago. The attached > diff fixes that. +1 on both patches. Yours, Laurenz Albe
Commits
-
doc: Update cracklib URL
- 42aaed60c83f 14.0 landed
-
passwordcheck: Log cracklib diagnostics
- 924123a87f40 14.0 landed