Re: password rules
| От | Gilles Darold |
|---|---|
| Тема | Re: password rules |
| Дата | |
| Msg-id | bb9a5165-6581-458f-9599-258923abb28e@darold.net обсуждение исходный текст |
| Ответ на | Re: password rules (raphi <raphi@crashdump.ch>) |
| Список | pgsql-general |
Le 24/06/2025 à 07:18, raphi a écrit : > > > Am 23.06.2025 um 22:39 schrieb Christoph Berg: >> Re: raphi >>> Sorry for this rather long (first) email on this list but I feel >>> like I had >>> to explain our usecase and why LDAP is not always as simple as >>> adding a line >>> to hba.conf. >> Did you give the "pam" method a try? T > Not really because it's a local solution. How do you change passwords > or keep history on your standby nodes? Besides, the documentation says > that postgres can't handle /etc/shadow because it runs unprivileged, > only pam_ldap would work. Or am I missing something? > > have fun, > raphi I think the credcheck extension has been created to handle the features you are requesting. > - enforce some password complexity and prevent reuse This is already implemented. > - expire a password immediately after creating and prompt the user to change it upon first login try. They can connect with the initial > password but cannot login until they've set a new password. I have started to work some weeks ago and it just need more time to end/polish the job. > the password history is not being replicated to the standby so we can not use it. It is in my TODO list for a year as you noted and will try to implement it this summer. -- Gilles Darold
В списке pgsql-general по дате отправления: