2009/9/28 Andrew Dunstan <and...@dunslane.net>: > > > Ing. Marcos L. Ortíz Valmaseda wrote: >>> >>> My vote is for #3, if anything. >>> >>> >> You have to analyze all points before to do this. I vote too for the third >> option, but you have to be clear that how do you ´ll check the weakness of >> the password: >> 1- For example: the length should be greater that 6 char.. >> 2- The password should be have a combination fo numbers, letters and others >> dots >> >> Things like that you have to think very well, or to do a question to the >> list asking which are the best options. >> >> I think the same about the PAM and LDAP auth >> >> > > I'm voting for #3 precisely so postgres doesn't have to think about it, and > the module author will do all the work implementing whatever rules they want > to enforce.
That makes a lot of sense. Then we could perhaps ship a cracklib2 provider in contrib. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers