Andrew Dunstan <and...@dunslane.net> writes: > Alvaro Herrera wrote: >> We do, if you have you server grabbing passwords from LDAP or whatever >> external auth service you use. That would be more secure than anything >> mentioned in this thread, because the password enforcement could work on >> unencrypted passwords without adverse consequences.
> We don't have it today for passwords that postgres manages. Unless we're > going to rely on an external auth source completely, I think there's a > good case for the hooks, but not for any of the other "adjustments" that > people have suggested. Yeah. Installing LDAP or Kerberos or whatever is sensible if you have a need for a central auth server anyway. If you are just trying to run a database, it's a major additional investment of effort, and I can't quibble at all with people who think that it's unreasonable to have to do that just to have some modicum of a password policy. I also am of the opinion that it's reasonable to provide a hook or two for this purpose, but not to go further than that. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers