Re: Rejecting weak passwords
Magnus Hagander <magnus@hagander.net>
From: Magnus Hagander <magnus@hagander.net>
To: Albe Laurenz <laurenz.albe@wien.gv.at>
Cc: "Andrew Dunstan *EXTERN*" <andrew@dunslane.net>, Dave Page <dpage@pgadmin.org>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-01T13:54:37Z
Lists: pgsql-hackers
On Thu, Oct 1, 2009 at 15:26, Albe Laurenz <laurenz.albe@wien.gv.at> wrote: > Andrew Dunstan wrote: >>>> So here's the patch. >>>> I don't think there is documentation required; >>>> correct me if I am wrong. >>> >>> How will people know how to use it, or that it's even there without at >>> least a note in the docs somewhere? >> >> I'd prefer to have an example as a contrib module, as well as docs. >> Quite apart from anything else, how the heck would we test it without >> such a thing? > > I was not sure because no other hooks were documented anywhere else > than in the code. > > I could add a paragraph in the "auth-password" section of > client-auth.sgml. Or is there a better place? > > I could easily write a simple contrib that adds a check for > username = password if there is interest. I think it's better to have an actually *useful* contrib module for it, if there is one. Meaning perhaps something that links to that cracklib thing mentioned upthread. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/