Re: Password complexity/history - credcheck?

Ron <ronljohnsonjr@gmail.com>

From: Ron Johnson <ronljohnsonjr@gmail.com>
To: pgsql-general <pgsql-general@postgresql.org>
Date: 2024-06-23T02:38:12Z
Lists: pgsql-general
On Sat, Jun 22, 2024 at 7:28 PM Martin Goodson <kaemaril@googlemail.com>
wrote:

> Hello.
>
> Recently our security team have wanted to apply password complexity
> checks akin to Oracle's profile mechanism to PostgreSQL, checking that a
> password hasn't been used in x months


There would have to be a pg_catalog table which stores login history.


> etc, has minimum length, x special
> characters and x numeric characters, mixed case etc.
>

Is that an after-the-fact scanner (with all the problems Tom mentioned), or
is it a client-side "check while you're typing in the *new* password"
scanner?