Re: Rejecting weak passwords

Albe Laurenz <laurenz.albe@wien.gv.at>

From: "Albe Laurenz" <laurenz.albe@wien.gv.at>
To: "Andrew Dunstan *EXTERN*" <andrew@dunslane.net>, "Dave Page" <dpage@pgadmin.org>
Cc: "pgsql-hackers" <pgsql-hackers@postgresql.org>
Date: 2009-10-01T13:26:59Z
Lists: pgsql-hackers
Andrew Dunstan wrote:
>>> So here's the patch.
>>> I don't think there is documentation required;
>>> correct me if I am wrong.
>>
>> How will people know how to use it, or that it's even there without at
>> least a note in the docs somewhere?
> 
> I'd prefer to have an example as a contrib module, as well as docs. 
> Quite apart from anything else, how the heck would we test it without 
> such a thing?

I was not sure because no other hooks were documented anywhere else
than in the code.

I could add a paragraph in the "auth-password" section of
client-auth.sgml. Or is there a better place?

I could easily write a simple contrib that adds a check for
username = password if there is interest.

Yours,
Laurenz Albe