| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
| Cc: | "Andrew Dunstan *EXTERN*" <andrew(at)dunslane(dot)net>, Dave Page <dpage(at)pgadmin(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-10-01 13:54:37 |
| Message-ID: | 9837222c0910010654n14f208fcxd05b6b431723bfb1@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Oct 1, 2009 at 15:26, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> wrote:
> Andrew Dunstan wrote:
>>>> So here's the patch.
>>>> I don't think there is documentation required;
>>>> correct me if I am wrong.
>>>
>>> How will people know how to use it, or that it's even there without at
>>> least a note in the docs somewhere?
>>
>> I'd prefer to have an example as a contrib module, as well as docs.
>> Quite apart from anything else, how the heck would we test it without
>> such a thing?
>
> I was not sure because no other hooks were documented anywhere else
> than in the code.
>
> I could add a paragraph in the "auth-password" section of
> client-auth.sgml. Or is there a better place?
>
> I could easily write a simple contrib that adds a check for
> username = password if there is interest.
I think it's better to have an actually *useful* contrib module for
it, if there is one. Meaning perhaps something that links to that
cracklib thing mentioned upthread.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kenneth Marshall | 2009-10-01 14:04:31 | Re: Rejecting weak passwords |
| Previous Message | Stef Walter | 2009-10-01 13:50:06 | Re: Use "samehost" by default in pg_hba.conf? |