Re: Rejecting weak passwords

Magnus Hagander <magnus@hagander.net>

From: Magnus Hagander <magnus@hagander.net>
To: Albe Laurenz <laurenz.albe@wien.gv.at>
Cc: "Andrew Dunstan *EXTERN*" <andrew@dunslane.net>, Dave Page <dpage@pgadmin.org>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-01T13:54:37Z
Lists: pgsql-hackers
On Thu, Oct 1, 2009 at 15:26, Albe Laurenz <laurenz.albe@wien.gv.at> wrote:
> Andrew Dunstan wrote:
>>>> So here's the patch.
>>>> I don't think there is documentation required;
>>>> correct me if I am wrong.
>>>
>>> How will people know how to use it, or that it's even there without at
>>> least a note in the docs somewhere?
>>
>> I'd prefer to have an example as a contrib module, as well as docs.
>> Quite apart from anything else, how the heck would we test it without
>> such a thing?
>
> I was not sure because no other hooks were documented anywhere else
> than in the code.
>
> I could add a paragraph in the "auth-password" section of
> client-auth.sgml. Or is there a better place?
>
> I could easily write a simple contrib that adds a check for
> username = password if there is interest.

I think it's better to have an actually *useful* contrib module for
it, if there is one. Meaning perhaps something that links to that
cracklib thing mentioned upthread.

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/