Re: password strength verification

From: Chris Browne <cbbrowne(at)acm(dot)org>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: password strength verification
Date: 2008-12-18 18:04:28
Message-ID: 8763lhcqc3.fsf@dba2.int.libertyrms.com
Lists: pgsql-admin

rexmabry(at)yahoo(dot)com (Rex Mabry) writes:
> If a company requires a password to be a combination of letters,
> numbers and special characters. Oracle has a profile setting with a
> password verify function that can be used to specify a function
> that can do this.  Does postgres have a setting or function to
> verify and enforce a password policy?  I am very familiar with
> pg_hba.conf, but I am looking specifically at passwords.

If I were wanting to enforce this, I think I'd do it via PAM.

That is, I would configure PostgreSQL to use the PAM service (METHOD =
"pam", OPTION = name of PAM service), and configure these requirements
into the PAM service.

There are several alternative indirections available:
- LDAP authentication would allow you to manage password policy
in the LDAP instance, quite independent of PostgreSQL.

- krb5 indicates use of Kerberos, which would, again, keep passwords
out of PostgreSQL altogether.

With all of these options being readily available for using
centralized authorization management and policy, I don't see any
particular value in duplicating low-level security policy mechanisms
in PostgreSQL.
--
output = ("cbbrowne" "@" "cbbrowne.com")
http://linuxdatabases.info/info/postgresql.html
"Well, I wish you'd just tell me rather than trying to engage my
enthusiasm, because I haven't got one." -- Marvin the Paranoid Android
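
Added example, not part of the original message or of PostgreSQL: a small pg_hba.conf audit that lists which rules still rely on passwords stored in PostgreSQL and which delegate the check to an external service such as the PAM, LDAP or Kerberos options mentioned above. The function names and the sample file are constructed for illustration; the method list goes beyond the three named in the message (gss, sspi, radius), and only plain rule lines are handled.

```python
import ipaddress
import shlex

# Methods that check a password stored inside PostgreSQL itself.
INTERNAL = {"password", "crypt", "md5", "scram-sha-256"}
# Methods that hand the check to an external service; pam, ldap and krb5
# are the ones named in the message, the others are added here.
EXTERNAL = {"pam", "ldap", "krb5", "gss", "sspi", "radius"}

# Constructed sample input, not taken from any real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS                    METHOD
local   all       postgres                             peer
host    all       all       10.0.0.0/8                 pam pamservice=postgresql
host    all       all       192.168.1.0 255.255.255.0  md5
hostssl reports   analyst   0.0.0.0/0                  ldap ldapserver=ldap.example.org
host    all       all       ::1/128                    password
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (line_no, conn_type, method, options) for each rule line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        if not tokens:
            continue
        if tokens[0] == "local":
            idx = 3   # local DATABASE USER METHOD
        else:
            idx = 4   # host DATABASE USER ADDRESS METHOD
            # The "IP-address IP-mask" form uses two address fields.
            if len(tokens) > 5 and "/" not in tokens[3] and _is_ip(tokens[4]):
                idx = 5
        if len(tokens) <= idx:
            raise ValueError(f"line {line_no}: no auth method found")
        yield line_no, tokens[0], tokens[idx], tokens[idx + 1:]

def internal_password_rules(text):
    """Rules where no external password policy can apply."""
    return [(n, t, m) for n, t, m, _ in parse_hba(text) if m in INTERNAL]

def external_rules(text):
    """Rules whose password policy lives in the external service."""
    return [(n, m, opts) for n, _, m, opts in parse_hba(text) if m in EXTERNAL]
```
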
