| From: | Christopher Browne <cbbrowne(at)acm(dot)org> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Password Policy |
| Date: | 2007-02-11 05:18:23 |
| Message-ID: | 87ejoxgtls.fsf@wolfe.cbbrowne.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-support pgsql-admin pgsql-general pgsql-sql |
In the last exciting episode, ezequias(dot)rocha(at)gmail(dot)com ("Ezequias Rodrigues da Rocha") wrote:
> Hi list (my first post),
>
> Is there any password polity that postgresql implement ?
No, that would be a serious mistake, as it would prevent people from
having local policies that differed from the "PostgreSQL policy."
> It is possible to put a set all no administrators passwords to
> = '123456' from times and times ?
I'm not quite certain what you mean by that...
Do you mean you want to be able to set all non-administrators'
passwords to some particular value?
You could do that by setting one user's password to a particular
plaintext form, and then alter the others to match it.
Thus:
alter user stalking_horse password to '123456';
update pg_shadow set passwd = (select passwd from pg_shadow where usename = 'stalking_horse') and not usesuper;
I'm not sure that's an entirely wonderful policy, though.
> Has anyone implement a dinamic password autentication (the password
> changes according the date/month etc of a day ) ?
Well, you could use ident-based authentication, and then use some
wacky method to authenticate the user at the Unix level via PAM...
Changing passwords that often strikes me as being the wrong kind of
approach to this. Having a flurry of passwords that users can't
possibly remember is a clear route to having passwords sitting on
Post-It notes on cubicles.
I'd be much more inclined to use an unrememberable random password,
stowed in ~/.pgpass, which doesn't need to expire terribly often.
The other option would be to use ssh style keys for authentication;
that isn't possible now, but would be an attractive feature.
> Is there any function to encript, decript plain text in PostgreSQL
> and if it is aplicable ?
There is a contrib module, pgcrypto, which is quite suitable for such
purposes...
--
output = ("cbbrowne" "@" "gmail.com")
http://linuxfinances.info/info/emacs.html
The purpose of an undergraduate education at MIT is to give you a case
of post-traumatic stress syndrome that won't wear off for forty years.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2007-02-11 10:25:57 | Re: pgAdmin3 1.6.2 |
| Previous Message | Ezequias Rodrigues da Rocha | 2007-02-10 22:46:38 | Re: Password Policy |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Benjamin Arai | 2007-02-11 05:41:03 | Re: Priorities for users or queries? |
| Previous Message | Joshua D. Drake | 2007-02-11 03:06:10 | Re: Priorities for users or queries? |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Benjamin Arai | 2007-02-11 05:41:03 | Re: Priorities for users or queries? |
| Previous Message | Denis Lussier | 2007-02-11 04:39:20 | Re: does anyone have a tool to convert SP'sT-SQL to Postgres |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Lambert | 2007-02-11 23:19:20 | COPY FROM query. |
| Previous Message | Ezequias Rodrigues da Rocha | 2007-02-10 22:46:38 | Re: Password Policy |