Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uTw3K-00CRfy-Bz
	for pgsql-general@arkaria.postgresql.org; Tue, 24 Jun 2025 05:18:38 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uTw3I-009JqF-Bc
	for pgsql-general@arkaria.postgresql.org; Tue, 24 Jun 2025 05:18:36 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <raphi@crashdump.ch>)
	id 1uTw3I-009Jq7-07
	for pgsql-general@lists.postgresql.org; Tue, 24 Jun 2025 05:18:36 +0000
Received: from mx126.mail.hosttech.eu ([82.220.38.13] helo=126.hosttech.eu)
	by makus.postgresql.org with smtp (Exim 4.96)
	(envelope-from <raphi@crashdump.ch>)
	id 1uTw3F-003fix-1A
	for pgsql-general@lists.postgresql.org;
	Tue, 24 Jun 2025 05:18:35 +0000
X-Spam-Status: No
X-hosttech-MailScanner-From: raphi@crashdump.ch
X-hosttech-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-0.801, required 5, ALL_TRUSTED -1.00, BAYES_20 -0.00,
	HT_185 0.20)
X-hosttech-MailScanner: Found to be clean
X-hosttech-MailScanner-ID: BA8B04855C81.A4E3A
X-hosttech-MailScanner-Information: Please contact the ISP for more information
Received: from [192.168.1.205] (31-10-141-228.cgn.dynamic.upc.ch [31.10.141.228])
	by 126.hosttech.eu (Postfix) with ESMTPSA id BA8B04855C81
	for <pgsql-general@lists.postgresql.org>; Tue, 24 Jun 2025 07:18:21 +0200 (CEST)
Message-ID: <4597837e-a48f-4b77-be7e-e016064c26a9@crashdump.ch>
Date: Tue, 24 Jun 2025 07:18:21 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: password rules
To: pgsql-general@lists.postgresql.org
References: <65b65e9f-b4b0-4927-b872-d24dff11449b@crashdump.ch>
 <aFm7gfHStOjSWx-p@msg.df7cb.de>
X-hosttech-server: 126.hosttech.eu
From: raphi <raphi@crashdump.ch>
In-Reply-To: <aFm7gfHStOjSWx-p@msg.df7cb.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/4597837e-a48f-4b77-be7e-e016064c26a9%40crashdump.ch>
Precedence: bulk



Am 23.06.2025 um 22:39 schrieb Christoph Berg:
> Re: raphi
>> Sorry for this rather long (first) email on this list but I feel like I had
>> to explain our usecase and why LDAP is not always as simple as adding a line
>> to hba.conf.
> Did you give the "pam" method a try? T
Not really because it's a local solution. How do you change passwords or 
keep history on your standby nodes? Besides, the documentation says that 
postgres can't handle /etc/shadow because it runs unprivileged, only 
pam_ldap would work. Or am I missing something?

have fun,
raphi