Re: Rejecting weak passwords

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Andrew Dunstan <andrew@dunslane.net>
Cc: Alvaro Herrera <alvherre@commandprompt.com>, Peter Eisentraut <peter_e@gmx.net>, Albe Laurenz <laurenz.albe@wien.gv.at>, Bruce Momjian *EXTERN* <bruce@momjian.us>, Robert Haas <robertmhaas@gmail.com>, Mark Mielke <mark@mark.mielke.cc>, Dave Page <dpage@pgadmin.org>, Kevin Grittner <Kevin.Grittner@wicourts.gov>, Marko Kreen <markokr@gmail.com>, Magnus Hagander <magnus@hagander.net>, Greg Stark <gsstark@mit.edu>, pgsql-hackers <pgsql-hackers@postgresql.org>, mlortiz <mlortiz@uci.cu>
Date: 2009-10-19T17:16:36Z
Lists: pgsql-hackers
Andrew Dunstan <andrew@dunslane.net> writes:
> Alvaro Herrera wrote:
>> We do, if you have you server grabbing passwords from LDAP or whatever
>> external auth service you use.  That would be more secure than anything
>> mentioned in this thread, because the password enforcement could work on
>> unencrypted passwords without adverse consequences.

> We don't have it today for passwords that postgres manages. Unless we're 
> going to rely on an external auth source completely, I think there's a 
> good case for the hooks, but not for any of the other "adjustments" that 
> people have suggested.

Yeah.  Installing LDAP or Kerberos or whatever is sensible if you have
a need for a central auth server anyway.  If you are just trying to run a
database, it's a major additional investment of effort, and I can't
quibble at all with people who think that it's unreasonable to have to
do that just to have some modicum of a password policy.

I also am of the opinion that it's reasonable to provide a hook or two
for this purpose, but not to go further than that.

			regards, tom lane