Re: Rejecting weak passwords

Andrew Dunstan <andrew@dunslane.net>

From: Andrew Dunstan <andrew@dunslane.net>
To: Alvaro Herrera <alvherre@commandprompt.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Peter Eisentraut <peter_e@gmx.net>, Albe Laurenz <laurenz.albe@wien.gv.at>, Bruce Momjian *EXTERN* <bruce@momjian.us>, Robert Haas <robertmhaas@gmail.com>, Mark Mielke <mark@mark.mielke.cc>, Dave Page <dpage@pgadmin.org>, Kevin Grittner <Kevin.Grittner@wicourts.gov>, Marko Kreen <markokr@gmail.com>, Magnus Hagander <magnus@hagander.net>, Greg Stark <gsstark@mit.edu>, pgsql-hackers <pgsql-hackers@postgresql.org>, mlortiz <mlortiz@uci.cu>
Date: 2009-10-19T16:37:19Z
Lists: pgsql-hackers

Alvaro Herrera wrote:
>> Except that your first statement is false.  It is not possible currently
>> for any tool to prevent someone from doing ALTER USER joe PASSWORD joe.
>> A server-side plugin can provide a guarantee that there are no bad
>> passwords (for some value of bad, and with some possible adverse
>> consequences).  We don't have that today.
>>     
>
> We do, if you have you server grabbing passwords from LDAP or whatever
> external auth service you use.  That would be more secure than anything
> mentioned in this thread, because the password enforcement could work on
> unencrypted passwords without adverse consequences.
>   

We don't have it today for passwords that postgres manages. Unless we're 
going to rely on an external auth source completely, I think there's a 
good case for the hooks, but not for any of the other "adjustments" that 
people have suggested.


cheers

andrew