credcheck v5.0 has been released

Posted on 2026-07-05 by HexaCluster
Related Open Source

Bangkok, Thailand - June 21, 2026

PostgreSQL credcheck extension

The credcheck PostgreSQL extension provides few general credential checks, which will be evaluated during the user creation, during the password change and user renaming. By using this extension, we can define a set of rules:

  • allow a specific set of credentials
  • reject a certain type of credentials
  • deny password that can be easily cracked
  • enforce use of an expiration date with a minimum of day for a password
  • define a password reuse policy
  • define the number of authentication failure allowed before a user is banned
  • define a delay on authentication failures
  • force users to change their password after first login
  • throw a warning N days before when the password user is about to expire

Release 5.0 has been published,

This major release adds compatibility with PostgreSQL v19 and makes password history replication-aware. It also fixes some issues reported by users since last release.

  • Add information about credcheck.disallow_change_password and credcheck.superuser_nocheck use.
  • Disable any CREATE/ALTER ROLE checks for superusers when credcheck.superuser_nocheck is enabled.

Upgrade require a PostgreSQL restart to reload the credcheck library.

Complete list of changes and acknowledgements are available here

Links & Credits

credcheck is an open project under the PostgreSQL license maintained by HexaCluster. Any contribution to build a better tool is welcome. You can send your ideas, features requests or patches using the GitHub tools.

Links :

About credcheck

The credcheck extension is developed and maintained by Gilles Darold at HexaCluster Corp. If you need more information please contact us.

Documentation at https://github.com/HexaCluster/credcheck#readme