From: HexaCluster via PostgreSQL Announce <[email protected]>
To: PostgreSQL Announce <[email protected]>
Subject: Credcheck version 2.4 released
Date: Tue, 30 Jan 2024 15:11:22 +0000
Message-ID: <[email protected]> (raw)

Grenoble - January 30, 2024

## PostgreSQL credcheck extension

The credcheck PostgreSQL extension provides a few general credential checks, which are evaluated during user creation, password change and user renaming. Using this extension, we can define a set of rules:

  * allow a specific set of credentials
  * reject a certain type of credentials
  * deny passwords that can be easily cracked
  * enforce the use of an expiration date with a minimum number of days for a password
  * define a password reuse policy
  * define the number of authentication failures allowed before a user is banned
  * add a delay after each authentication failure

This release is a maintenance release to fix a major issue with the backup of the
password history file with pgBackRest and adds an authentication delay feature.

  - Add authentication delay feature to be able to add a pause on authentication
    failure. Setting `credcheck.auth_delay_ms` causes the server to pause for a
    given number of milliseconds before reporting authentication failure. This
    makes brute-force attacks on database passwords more difficult.
    This patch is purely a copy/paste from the auth_delay extension just to limit the
    number of extensions to preload. See https://www.postgresql.org/docs/current/auth-delay.html
    for more information about the origin of this feature.
  - Force the size of the file `$PGDATA/global/pg_password_history` to be a multiple of 8192
    to fix the pgBackRest error reported with the message: "page misalignment in file
    /.../global/pg_password_history: file size 2604 is not divisible by page size 8192"

Extension upgrade requires a PostgreSQL restart to reload the credcheck library.

The complete list of changes and acknowledgments is available [here](https://github.com/MigOpsRepos/credcheck/releases/tag/v2.4).

## Links & Credits

credcheck is an open project under the PostgreSQL license created at [MigOps Inc](https://migops.com/), developed and maintained at [HexaCluster Corp](https://hexacluster.ai/) by [Gilles Darold](https://www.darold.net/).
Any contribution to build a better tool is welcome. You can send your ideas, feature requests or patches
using the GitHub tools.

**Links:**

* Download: [https://github.com/MigOpsRepos/credcheck/releases/](https://github.com/MigOpsRepos/credcheck/releases/)
* Support: use GitHub report tool at [https://github.com/MigOpsRepos/credcheck/issues](https://github.com/MigOpsRepos/credcheck/issues)

## About credcheck

The credcheck extension is an original work of [MigOps Inc](https://migops.com/). Since MigOps is closed, Gilles Darold is the official maintainer. If you need more information, please [contact me](mailto:[email protected]).

Documentation at [https://github.com/MigOpsRepos/credcheck#readme](https://github.com/MigOpsRepos/credcheck#readme)
