| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, Bruce Momjian *EXTERN* <bruce(at)momjian(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Dave Page <dpage(at)pgadmin(dot)org>, Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Marko Kreen <markokr(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Greg Stark <gsstark(at)mit(dot)edu>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, mlortiz <mlortiz(at)uci(dot)cu> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-10-19 17:16:36 |
| Message-ID: | 7747.1255972596@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Alvaro Herrera wrote:
>> We do, if you have you server grabbing passwords from LDAP or whatever
>> external auth service you use. That would be more secure than anything
>> mentioned in this thread, because the password enforcement could work on
>> unencrypted passwords without adverse consequences.
> We don't have it today for passwords that postgres manages. Unless we're
> going to rely on an external auth source completely, I think there's a
> good case for the hooks, but not for any of the other "adjustments" that
> people have suggested.
Yeah. Installing LDAP or Kerberos or whatever is sensible if you have
a need for a central auth server anyway. If you are just trying to run a
database, it's a major additional investment of effort, and I can't
quibble at all with people who think that it's unreasonable to have to
do that just to have some modicum of a password policy.
I also am of the opinion that it's reasonable to provide a hook or two
for this purpose, but not to go further than that.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2009-10-19 17:17:52 | Re: Controlling changes in plpgsql variable resolution |
| Previous Message | Dean Rasheed | 2009-10-19 17:07:40 | Re: Scaling up deferred unique checks and the after trigger queue |