credcheck v1.0 released

From: MigOps via PostgreSQL Announce <announce-noreply(at)postgresql(dot)org>
To: PostgreSQL Announce <pgsql-announce(at)lists(dot)postgresql(dot)org>
Subject: credcheck v1.0 released
Date: 2023-04-06 21:15:59
Message-ID: 168081575971.634.3615616082200719702@wrigleys.postgresql.org
Lists: pgsql-announce

April 06, 2023

## PostgreSQL credcheck extension

The credcheck PostgreSQL extension provides general credential checks, which are evaluated during user creation, password change and user renaming. By using this extension, a set of rules can be defined:

* allow a specific set of credentials
* reject a certain type of credentials
* enforce use of an expiration date with a minimum number of days for a password
* define a password reuse policy

New release v1.0 adds a major feature called **Password Reuse Policy** and the ability to force the use of an expiration date for a password. It also prevents PostgreSQL from exposing the password in the logs in case of an error and fixes some issues reported by users over the past 6 months.

* Add Password Reuse Policy feature. This implementation uses a dedicated shared memory storage to share the password history between all databases. It requires credcheck to be loaded through `shared_preload_libraries` in postgresql.conf. The behavior of this feature can be controlled by two settings:

  * `credcheck.password_reuse_history`: number of distinct passwords set before a password can be reused.

  * `credcheck.password_reuse_interval`: amount of time it takes before a password can be reused again.

* Add the possibility to enforce the use of an expiration date for a password with a lifetime of a specific number of days. Example: with `credcheck.password_valid_until = 60`, the password lifetime must be at least two months.

* Allow credcheck to check the user name in `CREATE USER` statement without option `PASSWORD`.

* Force credcheck settings to be set/changed only by a superuser.

* Fix detection of the `VALID UNTIL` clause in `CREATE ROLE`.

* Force PostgreSQL to not expose the password in the log when an error in CREATE/ALTER role occurs. This behavior can be disabled by setting the custom variable `credcheck.no_password_logging` to off.

* Use errcode `ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION (28000)` for most error messages.

A complete list of changes is available [here](https://github.com/MigOpsRepos/credcheck/blob/v1.0/ChangeLog).
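As an added illustration (not part of the announcement and not code from the credcheck project), the following SQL sets the parameters named above and exercises the expiration and reuse rules. The role name, passwords, numeric values, the `pg_temp.try_stmt` helper and the day unit for `credcheck.password_reuse_interval` are assumptions made for the example.

```sql
-- Added example, not from the credcheck project. Role name, passwords and
-- numeric values are constructed. Run as a superuser.
-- Prerequisite in postgresql.conf, then restart the server:
--   shared_preload_libraries = 'credcheck'

ALTER SYSTEM SET credcheck.password_reuse_history = 2;    -- distinct passwords before reuse
ALTER SYSTEM SET credcheck.password_reuse_interval = 365; -- assumption: unit is days
ALTER SYSTEM SET credcheck.password_valid_until = 60;     -- minimum password lifetime in days
ALTER SYSTEM SET credcheck.no_password_logging = on;      -- shown explicitly; "off" disables it
SELECT pg_reload_conf();  -- reconnect afterwards, then run the statements below

-- Hypothetical session-local helper: run one statement and report whether it
-- was accepted, returning only the SQLSTATE (never the statement text).
CREATE FUNCTION pg_temp.try_stmt(label text, stmt text) RETURNS text
LANGUAGE plpgsql AS $$
BEGIN
  EXECUTE stmt;
  RETURN label || ': accepted';
EXCEPTION WHEN OTHERS THEN
  RETURN label || ': rejected, SQLSTATE ' || SQLSTATE;
END $$;

-- 1. No VALID UNTIL clause, although an expiration date is enforced.
SELECT pg_temp.try_stmt('no expiry',
  $q$CREATE ROLE credcheck_demo LOGIN PASSWORD 'Constructed-Pass-A'$q$);

-- 2. Expiry only 7 days away, below the 60-day minimum.
SELECT pg_temp.try_stmt('short expiry', format(
  $q$CREATE ROLE credcheck_demo LOGIN PASSWORD 'Constructed-Pass-B' VALID UNTIL %L$q$,
  now() + interval '7 days'));

-- 3. Far-future expiry (constructed date): satisfies the expiration rule.
SELECT pg_temp.try_stmt('create',
  $q$CREATE ROLE credcheck_demo LOGIN PASSWORD 'Constructed-Pass-1' VALID UNTIL '2099-12-31'$q$);

-- 4. Change to a password that has not been used before.
SELECT pg_temp.try_stmt('rotate',
  $q$ALTER ROLE credcheck_demo PASSWORD 'Constructed-Pass-2' VALID UNTIL '2099-12-31'$q$);

-- 5. Return to the first password: only one other password has been set and
--    far less than the reuse interval has passed, so the reuse policy applies.
SELECT pg_temp.try_stmt('reuse',
  $q$ALTER ROLE credcheck_demo PASSWORD 'Constructed-Pass-1' VALID UNTIL '2099-12-31'$q$);

DROP ROLE IF EXISTS credcheck_demo;
```

Statements 1, 2 and 5 are the ones the configured policy is meant to refuse; an "accepted" result for any of them indicates the library is not loaded or the settings have not taken effect in the session.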

## Links & Credits

credcheck is an open project under the PostgreSQL license created at [MigOps Inc](https://migops.com/).
Any contribution to build a better tool is welcome. You can send your ideas, feature requests or patches
using the GitHub tools.

* Download: [https://github.com/MigOpsRepos/credcheck/releases/](https://github.com/MigOpsRepos/credcheck/releases/)
* Support: use GitHub report tool at [https://github.com/MigOpsRepos/credcheck/issues](https://github.com/MigOpsRepos/credcheck/issues)

## About credcheck

The credcheck extension is an original work of [MigOps Inc](https://migops.com/). MigOps specializes in migration to PostgreSQL and PostgreSQL support. If you need more information, please [contact us](https://www.migops.com/contact-us/).

Documentation at [https://github.com/MigOpsRepos/credcheck#readme](https://github.com/MigOpsRepos/credcheck#readme)
