Re: Rejecting weak passwords
Ron Mayer <rm_pg@cheapcomplexdevices.com>
From: Ron Mayer <rm_pg@cheapcomplexdevices.com>
To: Dave Page <dpage@pgadmin.org>
Cc: Mark Mielke <mark@mark.mielke.cc>, Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, Kevin Grittner <Kevin.Grittner@wicourts.gov>, Andrew Dunstan <andrew@dunslane.net>, Marko Kreen <markokr@gmail.com>, Magnus Hagander <magnus@hagander.net>, Greg Stark <gsstark@mit.edu>, Bruce Momjian <bruce@momjian.us>, pgsql-hackers <pgsql-hackers@postgresql.org>, mlortiz <mlortiz@uci.cu>, Albe Laurenz <laurenz.albe@wien.gv.at>
Date: 2009-10-15T21:40:16Z
Lists: pgsql-hackers
Dave Page wrote: > I never said it wasn't - in fact I said from the outset it was about > box-checking, and that anyone doing things properly will use > LDAP/SSPI/Kerberos etc. I don't understand why the box-checkers can't already check that box; with the explanation stating "Yes - by using LDAP or GSSAPI or PAM configured accordingly". Or do checkbox-lists specifically say "can postgres do XYZ with all OS security features disabled". > Anyway, as noted in the message you quoted, the current proposal will > allow my colleagues to check boxes, and will be implemented in a > sensible way on the server side. And it's entirely confined to a > plugin, so if you trust all your users, there's no need for you to > load it at all. Note that I'm not horribly against the feature (though I wouldn't use it) --- just that ISTM we're checkbox-compliant already by working with the OS, and it's perhaps more a documentation issue than coding issue to get those boxes checked.