Re: Password Policy

From: Christopher Browne <cbbrowne(at)acm(dot)org>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Password Policy
Date: 2007-02-11 05:18:23
Message-ID: 87ejoxgtls.fsf@wolfe.cbbrowne.com
Lists: pgadmin-support, pgsql-admin, pgsql-general, pgsql-sql
In the last exciting episode, ezequias(dot)rocha(at)gmail(dot)com ("Ezequias Rodrigues da Rocha") wrote:
> Hi list (my first post),
>
> Is there any password policy that PostgreSQL implements?

No, that would be a serious mistake, as it would prevent people from
having local policies that differed from the "PostgreSQL policy."

> It is possible to put a set all no administrators passwords to
> = '123456' from times and times ?

I'm not quite certain what you mean by that...

Do you mean you want to be able to set all non-administrators'
passwords to some particular value?

You could do that by setting one user's password to a particular
plaintext form, and then alter the others to match it.

Thus:

alter user stalking_horse with password '123456';
update pg_shadow set passwd = (select passwd from pg_shadow where usename = 'stalking_horse') where not usesuper;

I'm not sure that's an entirely wonderful policy, though.

> Has anyone implemented a dynamic password authentication (the password
> changes according to the date/month etc. of a day)?

Well, you could use ident-based authentication, and then use some
wacky method to authenticate the user at the Unix level via PAM...

Changing passwords that often strikes me as being the wrong kind of
approach to this.  Having a flurry of passwords that users can't
possibly remember is a clear route to having passwords sitting on
Post-It notes on cubicles.

I'd be much more inclined to use an unrememberable random password,
stowed in ~/.pgpass, which doesn't need to expire terribly often.

The other option would be to use ssh style keys for authentication;
that isn't possible now, but would be an attractive feature.

> Is there any function to encrypt, decrypt plain text in PostgreSQL
> and if it is applicable?

There is a contrib module, pgcrypto, which is quite suitable for such
purposes...
-- 
output = ("cbbrowne" "@" "gmail.com")
http://linuxfinances.info/info/emacs.html
The purpose of an undergraduate education at MIT is to give you a case
of post-traumatic stress syndrome that won't wear off for forty years.
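
Added example, not part of the original message: one way to provision the "unrememberable random password, stowed in ~/.pgpass" suggested above. The host name, role name and helper function names are assumptions made for illustration, and the demo writes to a temporary directory rather than a real home directory.

```python
import os
import secrets
import stat
import tempfile


def escape_field(value: str) -> str:
    """Escape backslash and colon, the two characters that are special in .pgpass."""
    return value.replace("\\", "\\\\").replace(":", "\\:")


def pgpass_line(host, port, database, user, password) -> str:
    """Build one entry in the hostname:port:database:username:password format."""
    fields = (host, str(port), database, user, password)
    return ":".join(escape_field(f) for f in fields)


def write_pgpass(path: str, line: str) -> None:
    """Append an entry, creating the file as 0600 and tightening looser modes."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    try:
        os.fchmod(fd, 0o600)  # covers a pre-existing file with wider permissions
        os.write(fd, (line + "\n").encode())
    finally:
        os.close(fd)


def libpq_would_accept(path: str) -> bool:
    """Mirror libpq's rule: regular file with no group or other permission bits."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and not (mode & (stat.S_IRWXG | stat.S_IRWXO))


def demo():
    """Generate a password and store it; returns (password, file text, accepted)."""
    password = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".pgpass")  # stand-in for ~/.pgpass
        # Constructed sample values: hypothetical host and role, "*" = any database.
        entry = pgpass_line("db.example.internal", 5432, "*", "app_user", password)
        write_pgpass(path, entry)
        with open(path) as fh:
            return password, fh.read(), libpq_would_accept(path)


if __name__ == "__main__":
    pw, text, ok = demo()
    print("entry written, accepted by permission check:", ok)
```

The same password still has to be set on the role server-side, which this block does not do.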

Copyright © 1996-2014 The PostgreSQL Global Development Group