On Wed, Oct 14, 2009 at 7:42 PM, Greg Stark <gsst...@mit.edu> wrote:
> On Wed, Oct 14, 2009 at 10:28 AM, Bruce Momjian <br...@momjian.us> wrote:
>>
>> I see three checks we are trying to do on passwords:
>>
>>        1) Password complexity enforcement/policies
>>        2) Password history - you can't reuse a password
>>        3) Account disable after X incorrect attempts
>
>
> This whole discussion seems very strange to me. Surely any
> organization with rules like this will want them to be system-wide and
> will have already implemented them in their PAM and LDAP systems
> (assuming they're not using Kerberos or something like that anyways).

Because like it or not, this 'feature' is one that people *are*
looking for in early stages of evaluations, and it counts against us
and can hurt our adoption when we can't tick that box.

As an example, after years of only offering password policy management
via the NT domain/active directory authentication methods, even
Microsoft finally gave in and added policy management for their SQL
Server accounts with SQL 2k5.

-- 
Dave Page
EnterpriseDB UK:   http://www.enterprisedb.com

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
