public inbox for [email protected]  
From: Gilles Darold <[email protected]>
To: raphi <[email protected]>
To: [email protected]
Subject: Re: password rules
Date: Tue, 24 Jun 2025 14:28:41 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<[email protected]>

On 24/06/2025 at 07:18, raphi wrote:
>
>
> On 23.06.2025 at 22:39, Christoph Berg wrote:
>> Re: raphi
>>> Sorry for this rather long (first) email on this list but I feel like I had
>>> to explain our use case and why LDAP is not always as simple as adding a line
>>> to hba.conf.
>> Did you give the "pam" method a try? T
> Not really because it's a local solution. How do you change passwords 
> or keep history on your standby nodes? Besides, the documentation says 
> that postgres can't handle /etc/shadow because it runs unprivileged, 
> only pam_ldap would work. Or am I missing something?
>
> have fun,
> raphi


I think the credcheck extension has been created to handle the features 
you are requesting.

> - enforce some password complexity and prevent reuse

This is already implemented.

> - expire a password immediately after creating and prompt the user to
> change it upon first login try. They can connect with the initial
> password but cannot log in until they've set a new password.

I started working on it some weeks ago and it just needs more time to 
end/polish the job.

> the password history is not being replicated to the standby so we can
> not use it.

It has been on my TODO list for a year, as you noted, and I will try to 
implement it this summer.

-- 
Gilles Darold






