Re: password rules

Greg Sabino Mullane <htamfids@gmail.com>

From: Greg Sabino Mullane <htamfids@gmail.com>
To: raphi <raphi@crashdump.ch>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-general@lists.postgresql.org
Date: 2025-06-24T23:20:21Z
Lists: pgsql-general
On Mon, Jun 23, 2025 at 2:45 PM raphi <raphi@crashdump.ch> wrote:

> As of now though we cannot use PG for any PCI/DSS certified application
> because we can't enforce either complexity nor regular password changes,
>

You can, and many, many companies do, but you need a modern auth system
like Kerberos. Even if we were to put something into Postgres today (and
given the MFA and re-use requirements, it's near impossible), PCI DSS keeps
evolving and getting stricter, so keeping up with it would get harder with
each release.

Can I do something to help bringing these feature into PG? My C knowledge
> is very limited so I won't be able to provide a patch but I'd be more than
> happy to test it.


Your energy would be much better used in bringing Kerberos into your
organization. :)

Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support