????

Your IP : 18.222.25.95

Current Path : C:/opt/pgsql/doc/postgresql/html/
Upload File :
Current File : C:/opt/pgsql/doc/postgresql/html/passwordcheck.html

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>F.26. passwordcheck — verify password strength</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="pageinspect.html" title="F.25. pageinspect — low-level inspection of database pages" /><link rel="next" href="pgbuffercache.html" title="F.27. pg_buffercache — inspect PostgreSQL buffer cache state" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">F.26. passwordcheck — verify password strength</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="pageinspect.html" title="F.25. pageinspect — low-level inspection of database pages">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="contrib.html" title="Appendix F. Additional Supplied Modules and Extensions">Up</a></td><th width="60%" align="center">Appendix F. Additional Supplied Modules and Extensions</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 16.3 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="pgbuffercache.html" title="F.27. pg_buffercache — inspect PostgreSQL&#10;    buffer cache state">Next</a></td></tr></table><hr /></div><div class="sect1" id="PASSWORDCHECK"><div class="titlepage"><div><div><h2 class="title" style="clear: both">F.26. passwordcheck — verify password strength <a href="#PASSWORDCHECK" class="id_link">#</a></h2></div></div></div><a id="id-1.11.7.36.2" class="indexterm"></a><p>
  The <code class="filename">passwordcheck</code> module checks users' passwords
  whenever they are set with
  <a class="xref" href="sql-createrole.html" title="CREATE ROLE"><span class="refentrytitle">CREATE ROLE</span></a> or
  <a class="xref" href="sql-alterrole.html" title="ALTER ROLE"><span class="refentrytitle">ALTER ROLE</span></a>.
  If a password is considered too weak, it will be rejected and
  the command will terminate with an error.
 </p><p>
  To enable this module, add <code class="literal">'$libdir/passwordcheck'</code>
  to <a class="xref" href="runtime-config-client.html#GUC-SHARED-PRELOAD-LIBRARIES">shared_preload_libraries</a> in
  <code class="filename">postgresql.conf</code>, then restart the server.
 </p><p>
  You can adapt this module to your needs by changing the source code.
  For example, you can use
  <a class="ulink" href="https://github.com/cracklib/cracklib" target="_top">CrackLib</a>
  to check passwords — this only requires uncommenting
  two lines in the <code class="filename">Makefile</code> and rebuilding the
  module.  (We cannot include <span class="productname">CrackLib</span>
  by default for license reasons.)
  Without <span class="productname">CrackLib</span>, the module enforces a few
  simple rules for password strength, which you can modify or extend
  as you see fit.
 </p><div class="caution"><h3 class="title">Caution</h3><p>
   To prevent unencrypted passwords from being sent across the network,
   written to the server log or otherwise stolen by a database administrator,
   <span class="productname">PostgreSQL</span> allows the user to supply
   pre-encrypted passwords. Many client programs make use of this
   functionality and encrypt the password before sending it to the server.
  </p><p>
   This limits the usefulness of the <code class="filename">passwordcheck</code>
   module, because in that case it can only try to guess the password.
   For this reason, <code class="filename">passwordcheck</code> is not
   recommended if your security requirements are high.
   It is more secure to use an external authentication method such as GSSAPI
   (see <a class="xref" href="client-authentication.html" title="Chapter 21. Client Authentication">Chapter 21</a>) than to rely on
   passwords within the database.
  </p><p>
   Alternatively, you could modify <code class="filename">passwordcheck</code>
   to reject pre-encrypted passwords, but forcing users to set their
   passwords in clear text carries its own security risks.
  </p></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="pageinspect.html" title="F.25. pageinspect — low-level inspection of database pages">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="contrib.html" title="Appendix F. Additional Supplied Modules and Extensions">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="pgbuffercache.html" title="F.27. pg_buffercache — inspect PostgreSQL&#10;    buffer cache state">Next</a></td></tr><tr><td width="40%" align="left" valign="top">F.25. pageinspect — low-level inspection of database pages </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 16.3 Documentation">Home</a></td><td width="40%" align="right" valign="top"> F.27. pg_buffercache — inspect <span class="productname">PostgreSQL</span>
    buffer cache state</td></tr></table></div></body></html>