Hello.
Recently our security team have wanted to apply password complexity
checks akin to Oracle's profile mechanism to PostgreSQL, checking that a
password hasn't been used in x months etc, has minimum length, x special
characters and x numeric characters, mixed case etc.
As far as I'm aware there's nothing part of the standard 'community
edition' which gives us that, apart from passwordcheck - which doesn't
give you a password history.
Can anyone recommend a good mechanism to accomodate this? Ideally we're
looking for something well-established, reliable, and easily
configurable. Does anything spring to mind?
A colleague has been looking around, and stumbled across
https://github.com/MigOpsRepos/credcheck. Does anyone have any positive
(or negative) experience with this? I'm happy to download and apply to a
test database, obviously, but some indication of whether or not it's
worth looking at first would be greatly appreciated. Is this something
that the community would recommend?
Many thanks!
--
Martin Goodson.
"Have you thought up some clever plan, Doctor?"
"Yes, Jamie, I believe I have."
"What're you going to do?"
"Bung a rock at it."