Re: Rejecting weak passwords

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>
Cc: "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at>, "Heikki Linnakangas *EXTERN*" <heikki(dot)linnakangas(at)enterprisedb(dot)com>, "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Rejecting weak passwords
Date: 2009-11-18 22:05:34
Message-ID: 27718.1258581934@sss.pgh.pa.us
Lists: pgsql-hackers

Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> writes:
> "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> wrote:
>> I agree on the second point, and I changed the patch accordingly.
>> Here's the latest version.

> Looks good. I change status of the patch to "Ready for Committer".

Applied with some minor modifications. Aside from the added valuntil
parameter, I changed the "isencrypted" parameter to an int with some
#define'd values. It seems easily foreseeable that we'll replace the
MD5 encryption scheme someday, and it'd be good to ensure that this
API is extendable when that happens. Also, I got rid of the bool
return value and made the hook responsible for throwing its own errors.
I don't know about you guys, but I would cheerfully kill anybody who
tried to make me use a password checker that didn't tell me anything
about why it thinks my password is too weak. (The CrackLib API we
are using is lamentably badly designed on this score --- does it have
another call that provides a more useful error report?) Even if you
think "weak password" is adequate for that class of complaints, the
single error message would certainly not do for complaints about the
valuntil date being too far away.

regards, tom lane
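
A stand-alone C model of the hook design described in the message above, added here as an illustration; it is not the committed PostgreSQL code. Returning a reason string stands in for the hook throwing its own error. Assumptions: the function name, the constant names and values, and the policy limits are this example's own.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Password representations as an int with #define'd values, so that a new
 * scheme can be added later. Names and values are this example's own. */
#define PW_TYPE_PLAINTEXT 0
#define PW_TYPE_MD5       1
#define MIN_PW_LEN     8    /* assumed site policy */
#define MAX_VALID_DAYS 90   /* assumed site policy */

/* Returns NULL if acceptable, otherwise the specific reason for rejection. */
const char *check_password(const char *user, const char *pw, int pw_type,
                           int has_valuntil, time_t valuntil, time_t now)
{
    int letter = 0, other = 0;
    if (!has_valuntil)
        return "password must have an expiration date";
    if (difftime(valuntil, now) > MAX_VALID_DAYS * 86400.0)
        return "password expiration date is too far away";
    switch (pw_type) {
    case PW_TYPE_PLAINTEXT:
        if (strlen(pw) < MIN_PW_LEN)
            return "password is too short";
        /* Skip the check for an empty name: strstr() would always match. */
        if (user[0] != '\0' && strstr(pw, user) != NULL)
            return "password must not contain the user name";
        for (const char *p = pw; *p != '\0'; p++) {
            if (isalpha((unsigned char) *p)) letter = 1; else other = 1;
        }
        if (!letter || !other)
            return "password must contain both letters and nonletters";
        return NULL;
    case PW_TYPE_MD5:
        /* Only the hash is visible, so content rules cannot be applied. */
        return NULL;
    default:
        return "unsupported password type";
    }
}

int main(void)
{
    time_t now = time(NULL);   /* constructed input: expiry 400 days out */
    const char *why = check_password("alice", "s3cure-enough",
                                     PW_TYPE_PLAINTEXT, 1, now + 400L * 86400, now);
    printf("%s\n", why ? why : "accepted");
}
```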
