| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | mlortiz <mlortiz(at)uci(dot)cu>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-09-28 14:24:17 |
| Message-ID: | 9837222c0909280724i4936f0d2rfa5577ccdbc2af91@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
2009/9/28 Andrew Dunstan <andrew(at)dunslane(dot)net>:
>
>
> Ing. Marcos L. Ortíz Valmaseda wrote:
>>>
>>> My vote is for #3, if anything.
>>>
>>>
>> You have to analyze all points before to do this. I vote too for the third option, but you have to be clear that how do you ´ll check the weakness of the password:
>> 1- For example: the length should be greater that 6 char..
>> 2- The password should be have a combination fo numbers, letters and others dots
>>
>> Things like that you have to think very well, or to do a question to the list asking which are the best options.
>>
>> I think the same about the PAM and LDAP auth
>>
>>
>
> I'm voting for #3 precisely so postgres doesn't have to think about it, and the module author will do all the work implementing whatever rules they want to enforce.
That makes a lot of sense. Then we could perhaps ship a cracklib2
provider in contrib.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-09-28 14:43:28 | Re: syslog_line_prefix |
| Previous Message | Andrew Dunstan | 2009-09-28 13:54:56 | Re: Rejecting weak passwords |