passwordcheck module checks
users' passwords whenever they are set with CREATE ROLE or ALTER ROLE. If a password is
considered too weak, it will be rejected and the command will
terminate with an error.
To enable this module, add
'$libdir/passwordcheck' to shared_preload_libraries
postgresql.conf, then restart
You can adapt this module to your needs by changing the source
code. For example, you can use CrackLib to check passwords — this only requires
uncommenting two lines in the
Makefile and rebuilding the module. (We cannot
include CrackLib by default for
license reasons.) Without CrackLib, the module enforces a few simple
rules for password strength, which you can modify or extend as
you see fit.
To prevent unencrypted passwords from being sent across the network, written to the server log or otherwise stolen by a database administrator, PostgreSQL allows the user to supply pre-encrypted passwords. Many client programs make use of this functionality and encrypt the password before sending it to the server.
This limits the usefulness of the
passwordcheck module, because in that case it
can only try to guess the password. For this reason,
passwordcheck is not recommended
if your security requirements are high. It is more secure to
use an external authentication method such as GSSAPI (see
than to rely on passwords within the database.
Alternatively, you could modify
passwordcheck to reject pre-encrypted
passwords, but forcing users to set their passwords in clear
text carries its own security risks.
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.