Peter Eisentraut wrote: >> I don't get why you need 'password' authentication for that. >> The point where the password should be checked is not when >> the user uses it to logon, but when he or she changes it. >> >> So in my opinion that should be: >> This facility will require to send new and changed password to >> the server in plain-text, so it will require SSL, and the use >> of encrypted passwords in CREATE/ALTER ROLE will have to be >> disabled. > > Note that this solution will still not satisfy the original checkbox > requirement.
I guess I misunderstood something there, but I had assumed that the checkbox item read something like: "Does the product offer password policy enforcement?" (to quote Dave Page). I understood that to mean "does the server check if a new password complies with a certain set of rules". Yours, Laurenz Albe -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers