Credcheck version 2.2 released

Posted on 2023-09-17 by Gilles Darold
Related Open Source

Antananarivo, Madagascar - September 16, 2023

PostgreSQL credcheck extension

The credcheck PostgreSQL extension provides few general credential checks, which will be evaluated during the user creation, during the password change and user renaming. By using this extension, we can define a set of rules:

  • allow a specific set of credentials
  • reject a certain type of credentials
  • deny password that can be easily cracked
  • enforce use of an expiration date with a minimum of day for a password
  • define a password reuse policy
  • define the number of authentication failure allowed before a user is banned

Release v2.2 adds a new feature, fixes a major bug with null passwords and fixes some issues reported by users since last release.

  • Add new GUC variable credcheck.whitelist that can be used to set a comma separated list of username to exclude from the password policy check. For example: credcheck.whitelist = 'admin,supuser' will disable any credcheck policy for the users named admin and supuser.
  • Fix PostgreSQL crash when password was set to NULL ALTER USER myuser PASSWORD NULL;
  • Suppress "MD5 password cleared because of role rename" messages. This makes the tests pass on PG12 and 13.
  • Use pg_regress' variant comparison files mechanism.

Extension upgrade requires a PostgreSQL restart to reload the credcheck library.

Complete list of changes and acknowlegments are available here

Links & Credits

credcheck is an open project under the PostgreSQL license created at MigOps Inc, developped and maintained by Gilles Darold. Any contribution to build a better tool is welcome. You can send your ideas, features requests or patches using the GitHub tools.

Links :

About credcheck

The credcheck extension is an original work of MigOps Inc, Since MigOPs is closed Gilles Darold is the official maintainer. If you need more information please contact me

Documentation at