blob: 0d89bb95b9de4bc994639118ce9b81e63400cb42 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
<!-- doc/src/sgml/passwordcheck.sgml -->
<sect1 id="passwordcheck" xreflabel="passwordcheck">
<title>passwordcheck</title>
<indexterm zone="passwordcheck">
<primary>passwordcheck</primary>
</indexterm>
<para>
The <filename>passwordcheck</filename> module checks users' passwords
whenever they are set with
<xref linkend="sql-createrole"/> or
<xref linkend="sql-alterrole"/>.
If a password is considered too weak, it will be rejected and
the command will terminate with an error.
</para>
<para>
To enable this module, add <literal>'$libdir/passwordcheck'</literal>
to <xref linkend="guc-shared-preload-libraries"/> in
<filename>postgresql.conf</filename>, then restart the server.
</para>
<para>
You can adapt this module to your needs by changing the source code.
For example, you can use
<ulink url="https://github.com/cracklib/cracklib">CrackLib</ulink>
to check passwords — this only requires uncommenting
two lines in the <filename>Makefile</filename> and rebuilding the
module. (We cannot include <productname>CrackLib</productname>
by default for license reasons.)
Without <productname>CrackLib</productname>, the module enforces a few
simple rules for password strength, which you can modify or extend
as you see fit.
</para>
<caution>
<para>
To prevent unencrypted passwords from being sent across the network,
written to the server log or otherwise stolen by a database administrator,
<productname>PostgreSQL</productname> allows the user to supply
pre-encrypted passwords. Many client programs make use of this
functionality and encrypt the password before sending it to the server.
</para>
<para>
This limits the usefulness of the <filename>passwordcheck</filename>
module, because in that case it can only try to guess the password.
For this reason, <filename>passwordcheck</filename> is not
recommended if your security requirements are high.
It is more secure to use an external authentication method such as GSSAPI
(see <xref linkend="client-authentication"/>) than to rely on
passwords within the database.
</para>
<para>
Alternatively, you could modify <filename>passwordcheck</filename>
to reject pre-encrypted passwords, but forcing users to set their
passwords in clear text carries its own security risks.
</para>
</caution>
</sect1>
|