Thread

  1. Re: PostgreSQL db password policy

    sudesh mohane <smohane@gmail.com> — 2018-12-04T11:45:25Z

    > Hello Team,
    >
    > We are using  PostgreSQL   db for one of our projects. By default DB
    > accepts any password. However client need password policy.
    >
    > We want to implement password policy (e.g. password expiry, password
    > length etc) in PostgreSQL.
    >
    > Can you please advise how to achieve this in PostgreSQL ?
    >
    > Regards,
    > Sudesh Mohane
    >
    
  2. Re: PostgreSQL db password policy

    Anthony Sotolongo <asotolongo@gmail.com> — 2018-12-04T14:57:53Z

    Hi Sudesh Mohane
    
    that's not an error, then this is not the list
    
    by the way, you can check passwordcheck extension
    https://www.postgresql.org/docs/11/passwordcheck.html
    
    or check the extension passwordcheck_extra,  by M. Paquier
    
    
    https://github.com/michaelpq/pg_plugins/tree/master/passwordcheck_extra
    
    
    password expiry you can use crear user with VALID UNTIL option
    
    
    Regards
    
    
    El mar., 4 dic. 2018 a las 10:05, sudesh mohane (<smohane@gmail.com>)
    escribió:
    
    >
    > Hello Team,
    >>
    >> We are using  PostgreSQL   db for one of our projects. By default DB
    >> accepts any password. However client need password policy.
    >>
    >> We want to implement password policy (e.g. password expiry, password
    >> length etc) in PostgreSQL.
    >>
    >> Can you please advise how to achieve this in PostgreSQL ?
    >>
    >> Regards,
    >> Sudesh Mohane
    >>
    >
    
  3. Re: PostgreSQL db password policy

    David Fetter <david@fetter.org> — 2018-12-04T19:32:18Z

    On Tue, Dec 04, 2018 at 05:15:25PM +0530, sudesh mohane wrote:
    > > Hello Team,
    > >
    > > We are using  PostgreSQL   db for one of our projects. By default DB
    > > accepts any password. However client need password policy.
    > >
    > > We want to implement password policy (e.g. password expiry, password
    > > length etc) in PostgreSQL.
    
    Unless your client has regulatory requirements for password
    expiration, you should discourage them in the strongest possible terms
    from implementing one.
    
    https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/SoLongAndNoThanks.pdf
    
    Best,
    David.
    -- 
    David Fetter <david(at)fetter(dot)org> http://fetter.org/
    Phone: +1 415 235 3778
    
    Remember to vote!
    Consider donating to Postgres: http://www.postgresql.org/about/donate
    
    
    
  4. Re: PostgreSQL db password policy

    Michael Paquier <michael@paquier.xyz> — 2018-12-05T01:08:17Z

    On Tue, Dec 04, 2018 at 11:57:53AM -0300, Anthony Sotolongo wrote:
    > or check the extension passwordcheck_extra,  by M. Paquier
    > https://github.com/michaelpq/pg_plugins/tree/master/passwordcheck_extra
    > 
    > password expiry you can use crear user with VALID UNTIL option
    
    That's one possibility, I have no idea if anybody is packaging it
    and I don't have any plans to submit new RPMs, so if this is not
    available you will need to compile it yourself.  Even with that, I think
    that you had better avoid passing a raw password string through the
    network.
    --
    Michael