postgresql/doc/src/sgml/passwordcheck.sgml

<!-- doc/src/sgml/passwordcheck.sgml -->

<sect1 id="passwordcheck" xreflabel="passwordcheck">
 <title>passwordcheck</title>

 <indexterm zone="passwordcheck">
  <primary>passwordcheck</primary>
 </indexterm>

 <para>
  The <filename>passwordcheck</filename> module checks users' passwords
  whenever they are set with
  <xref linkend="sql-createrole"/> or
  <xref linkend="sql-alterrole"/>.
  If a password is considered too weak, it will be rejected and
  the command will terminate with an error.
 </para>

 <para>
  To enable this module, add <literal>'$libdir/passwordcheck'</literal>
  to <xref linkend="guc-shared-preload-libraries"/> in
  <filename>postgresql.conf</filename>, then restart the server.
 </para>

 <para>
  You can adapt this module to your needs by changing the source code.
  For example, you can use
  <ulink url="https://sourceforge.net/projects/cracklib/">CrackLib</ulink>
  to check passwords &mdash; this only requires uncommenting
  two lines in the <filename>Makefile</filename> and rebuilding the
  module.  (We cannot include <productname>CrackLib</productname>
  by default for license reasons.)
  Without <productname>CrackLib</productname>, the module enforces a few
  simple rules for password strength, which you can modify or extend
  as you see fit.
 </para>

 <caution>
  <para>
   To prevent unencrypted passwords from being sent across the network,
   written to the server log or otherwise stolen by a database administrator,
   <productname>PostgreSQL</productname> allows the user to supply
   pre-encrypted passwords. Many client programs make use of this
   functionality and encrypt the password before sending it to the server.
  </para>
  <para>
   This limits the usefulness of the <filename>passwordcheck</filename>
   module, because in that case it can only try to guess the password.
   For this reason, <filename>passwordcheck</filename> is not
   recommended if your security requirements are high.
   It is more secure to use an external authentication method such as GSSAPI
   (see <xref linkend="client-authentication"/>) than to rely on
   passwords within the database.
  </para>
  <para>
   Alternatively, you could modify <filename>passwordcheck</filename>
   to reject pre-encrypted passwords, but forcing users to set their
   passwords in clear text carries its own security risks.
  </para>
 </caution>

</sect1>
Remove cvs keywords from all files. 2010-09-20 16:08:53 -04:00			`<!-- doc/src/sgml/passwordcheck.sgml -->`
Add a hook to CREATE/ALTER ROLE to allow an external module to check the strength of database passwords, and create a sample implementation of such a hook as a new contrib module "passwordcheck". Laurenz Albe, reviewed by Takahiro Itagaki 2009-11-18 16:57:56 -05:00
Add xreflabels to /contrib manuals so links appear correct. Also update README.links to explain xref properly. 2011-05-07 22:29:20 -04:00			`<sect1 id="passwordcheck" xreflabel="passwordcheck">`
Add a hook to CREATE/ALTER ROLE to allow an external module to check the strength of database passwords, and create a sample implementation of such a hook as a new contrib module "passwordcheck". Laurenz Albe, reviewed by Takahiro Itagaki 2009-11-18 16:57:56 -05:00			`<title>passwordcheck</title>`

			`<indexterm zone="passwordcheck">`
			`<primary>passwordcheck</primary>`
			`</indexterm>`

			`<para>`
			`The <filename>passwordcheck</filename> module checks users' passwords`
			`whenever they are set with`
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz 2017-11-23 09:39:47 -05:00			`<xref linkend="sql-createrole"/> or`
			`<xref linkend="sql-alterrole"/>.`
Add a hook to CREATE/ALTER ROLE to allow an external module to check the strength of database passwords, and create a sample implementation of such a hook as a new contrib module "passwordcheck". Laurenz Albe, reviewed by Takahiro Itagaki 2009-11-18 16:57:56 -05:00			`If a password is considered too weak, it will be rejected and`
			`the command will terminate with an error.`
			`</para>`

			`<para>`
			`To enable this module, add <literal>'$libdir/passwordcheck'</literal>`
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz 2017-11-23 09:39:47 -05:00			`to <xref linkend="guc-shared-preload-libraries"/> in`
Add a hook to CREATE/ALTER ROLE to allow an external module to check the strength of database passwords, and create a sample implementation of such a hook as a new contrib module "passwordcheck". Laurenz Albe, reviewed by Takahiro Itagaki 2009-11-18 16:57:56 -05:00			`<filename>postgresql.conf</filename>, then restart the server.`
			`</para>`

			`<para>`
			`You can adapt this module to your needs by changing the source code.`
			`For example, you can use`
doc: Update redirecting links Update links that resulted in redirects. Most are changes from http to https, but there are also some other minor edits. (There are still some redirects where the target URL looks less elegant than the one we currently have. I have left those as is.) 2018-07-16 04:44:06 -04:00			`<ulink url="https://sourceforge.net/projects/cracklib/">CrackLib</ulink>`
Add a hook to CREATE/ALTER ROLE to allow an external module to check the strength of database passwords, and create a sample implementation of such a hook as a new contrib module "passwordcheck". Laurenz Albe, reviewed by Takahiro Itagaki 2009-11-18 16:57:56 -05:00			`to check passwords — this only requires uncommenting`
			`two lines in the <filename>Makefile</filename> and rebuilding the`
			`module. (We cannot include <productname>CrackLib</productname>`
			`by default for license reasons.)`
			`Without <productname>CrackLib</productname>, the module enforces a few`
			`simple rules for password strength, which you can modify or extend`
			`as you see fit.`
			`</para>`

			`<caution>`
			`<para>`
			`To prevent unencrypted passwords from being sent across the network,`
			`written to the server log or otherwise stolen by a database administrator,`
			`<productname>PostgreSQL</productname> allows the user to supply`
			`pre-encrypted passwords. Many client programs make use of this`
			`functionality and encrypt the password before sending it to the server.`
			`</para>`
			`<para>`
			`This limits the usefulness of the <filename>passwordcheck</filename>`
			`module, because in that case it can only try to guess the password.`
			`For this reason, <filename>passwordcheck</filename> is not`
In documentation, change "recommendable" to "recommended", per consultation with word definitions. Backpatch to 9.2. 2012-08-14 12:36:35 -04:00			`recommended if your security requirements are high.`
Remove support for native krb5 authentication krb5 has been deprecated since 8.3, and the recommended way to do Kerberos authentication is using the GSSAPI authentication method (which is still fully supported). libpq retains the ability to identify krb5 authentication, but only gives an error message about it being unsupported. Since all authentication is initiated from the backend, there is no need to keep it at all in the backend. 2014-01-15 11:24:01 -05:00			`It is more secure to use an external authentication method such as GSSAPI`
Convert documentation to DocBook XML Since some preparation work had already been done, the only source changes left were changing empty-element tags like <xref linkend="foo"> to <xref linkend="foo"/>, and changing the DOCTYPE. The source files are still named *.sgml, but they are actually XML files now. Renaming could be considered later. In the build system, the intermediate step to convert from SGML to XML is removed. Everything is build straight from the source files again. The OpenSP (or the old SP) package is no longer needed. The documentation toolchain instructions are updated and are much simpler now. Peter Eisentraut, Alexander Lakhin, Jürgen Purtz 2017-11-23 09:39:47 -05:00			`(see <xref linkend="client-authentication"/>) than to rely on`
Add a hook to CREATE/ALTER ROLE to allow an external module to check the strength of database passwords, and create a sample implementation of such a hook as a new contrib module "passwordcheck". Laurenz Albe, reviewed by Takahiro Itagaki 2009-11-18 16:57:56 -05:00			`passwords within the database.`
			`</para>`
			`<para>`
			`Alternatively, you could modify <filename>passwordcheck</filename>`
			`to reject pre-encrypted passwords, but forcing users to set their`
			`passwords in clear text carries its own security risks.`
			`</para>`
			`</caution>`

			`</sect1>`