| F.24. passwordcheck — verify password strength | ||||
|---|---|---|---|---|
| Prev | Up | Appendix F. Additional Supplied Modules and Extensions | Home | Next |
F.24. passwordcheck — verify password strength#
Thepasswordcheck module checks users' passwords whenever they are set withCREATE ROLE orALTER ROLE. If a password is considered too weak, it will be rejected and the command will terminate with an error.
To enable this module, add'$libdir/passwordcheck' toshared_preload_libraries inpostgresql.conf, then restart the server.
You can adapt this module to your needs by changing the source code. For example, you can useCrackLib to check passwords — this only requires uncommenting two lines in theMakefile and rebuilding the module. (We cannot includeCrackLib by default for license reasons.) WithoutCrackLib, the module enforces a few simple rules for password strength, which you can modify or extend as you see fit.
Caution
To prevent unencrypted passwords from being sent across the network, written to the server log or otherwise stolen by a database administrator,PostgreSQL allows the user to supply pre-encrypted passwords. Many client programs make use of this functionality and encrypt the password before sending it to the server.
This limits the usefulness of thepasswordcheck module, because in that case it can only try to guess the password. For this reason,passwordcheck is not recommended if your security requirements are high. It is more secure to use an external authentication method such as GSSAPI (seeChapter 20) than to rely on passwords within the database.
Alternatively, you could modifypasswordcheck to reject pre-encrypted passwords, but forcing users to set their passwords in clear text carries its own security risks.