public inbox for [email protected]  
Password complexity/history - credcheck?
2+ messages / 2 participants

* Password complexity/history - credcheck?
@ 2024-06-22 23:28  Martin Goodson <[email protected]>
  0 siblings, 1 reply; 2+ messages in thread

From: Martin Goodson @ 2024-06-22 23:28 UTC (permalink / raw)
  To: [email protected]

Hello.

Recently our security team have wanted to apply password complexity 
checks akin to Oracle's profile mechanism to PostgreSQL, checking that a 
password hasn't been used in x months etc, has minimum length, x special 
characters and x numeric characters, mixed case etc.

As far as I'm aware there's nothing part of the standard 'community 
edition' which gives us that, apart from passwordcheck - which doesn't 
give you a password history.

Can anyone recommend a good mechanism to accommodate this? Ideally we're 
looking for something well-established, reliable, and easily 
configurable. Does anything spring to mind?

A colleague has been looking around, and stumbled across 
https://github.com/MigOpsRepos/credcheck. Does anyone have any positive 
(or negative) experience with this? I'm happy to download and apply to a 
test database, obviously, but some indication of whether or not it's 
worth looking at first would be greatly appreciated. Is this something 
that the community would recommend?

Many thanks!

--
Martin Goodson.

"Have you thought up some clever plan, Doctor?"
"Yes, Jamie, I believe I have."
"What're you going to do?"
"Bung a rock at it."

* Re: Password complexity/history - credcheck?
@ 2024-06-23 02:38  Ron Johnson <[email protected]>
  parent: Martin Goodson <[email protected]>
  0 siblings, 0 replies; 2+ messages in thread

From: Ron Johnson @ 2024-06-23 02:38 UTC (permalink / raw)
  To: pgsql-general

On Sat, Jun 22, 2024 at 7:28 PM Martin Goodson <[email protected]>
wrote:

> Hello.
>
> Recently our security team have wanted to apply password complexity
> checks akin to Oracle's profile mechanism to PostgreSQL, checking that a
> password hasn't been used in x months


There would have to be a pg_catalog table which stores login history.


> etc, has minimum length, x special
> characters and x numeric characters, mixed case etc.
>

Is that an after-the-fact scanner (with all the problems Tom mentioned), or
is it a client-side "check while you're typing in the *new* password"
scanner?

