diff --new-file -c -r postgresql-8.5.orig/doc/src/sgml/contrib.sgml postgresql-8.5/doc/src/sgml/contrib.sgml
*** postgresql-8.5.orig/doc/src/sgml/contrib.sgml	2009-11-16 11:31:13.000000000 +0100
--- postgresql-8.5/doc/src/sgml/contrib.sgml	2009-11-16 11:34:04.000000000 +0100
***************
*** 98,103 ****
--- 98,104 ----
   &ltree;
   &oid2name;
   &pageinspect;
+  &passwordcheck;
   &pgbench;
   &pgbuffercache;
   &pgcrypto;
diff --new-file -c -r postgresql-8.5.orig/doc/src/sgml/filelist.sgml postgresql-8.5/doc/src/sgml/filelist.sgml
*** postgresql-8.5.orig/doc/src/sgml/filelist.sgml	2009-11-16 11:31:14.000000000 +0100
--- postgresql-8.5/doc/src/sgml/filelist.sgml	2009-11-16 11:34:04.000000000 +0100
***************
*** 111,116 ****
--- 111,117 ----
  <!entity ltree           SYSTEM "ltree.sgml">
  <!entity oid2name        SYSTEM "oid2name.sgml">
  <!entity pageinspect     SYSTEM "pageinspect.sgml">
+ <!entity passwordcheck   SYSTEM "passwordcheck.sgml">
  <!entity pgbench         SYSTEM "pgbench.sgml">
  <!entity pgbuffercache   SYSTEM "pgbuffercache.sgml">
  <!entity pgcrypto        SYSTEM "pgcrypto.sgml">
diff --new-file -c -r postgresql-8.5.orig/doc/src/sgml/passwordcheck.sgml postgresql-8.5/doc/src/sgml/passwordcheck.sgml
*** postgresql-8.5.orig/doc/src/sgml/passwordcheck.sgml	1970-01-01 01:00:00.000000000 +0100
--- postgresql-8.5/doc/src/sgml/passwordcheck.sgml	2009-11-16 11:34:04.000000000 +0100
***************
*** 0 ****
--- 1,49 ----
+ <sect1 id="passwordcheck">
+  <title>passwordcheck</title>
+ 
+  <indexterm zone="passwordcheck">
+   <primary>passwordcheck</primary>
+  </indexterm>
+ 
+  <para>
+   The <filename>passwordcheck</filename> module checks passwords set with
+   <xref linkend="SQL-CREATEROLE" endterm="SQL-CREATEROLE-title"> or
+   <xref linkend="SQL-ALTERROLE" endterm="SQL-ALTERROLE-title">.
+   If a password is considered too weak, it will be rejected and
+   the command will terminate with error.
+  </para>
+ 
+  <para>
+   To enable this module, add <literal>'$libdir/passwordcheck.so'</literal>
+   to <varname>shared_preload_libraries</varname> in
+   <filename>postgresql.conf</filename> and restart the server.
+  </para>
+ 
+  <warning>
+   <para>
+    To prevent unencrypted passwords from being sent across the network,
+    written to the server log or otherwise stolen by a database administrator,
+    <productname>PostgreSQL</productname> allows the user to supply
+    pre-encrypted passwords. Many client programs make use of this
+    functionality and encrypt the password before sending it to the server.
+   </para>
+   <para>
+    This limits the usefulness of the <filename>passwordcheck</filename>
+    module, because in that case it can only try to guess the password.
+    For this reason, <filename>passwordcheck</filename> is not
+    commendable if your security requirements are high. You should use
+    an external authentication method in that case
+    (see <xref linkend="client-authentication">).
+   </para>
+  </warning>
+ 
+  <para>
+   You can adapt this module to your needs by changing the source code.
+   For example, you can use
+   <ulink url="http://sourceforge.net/projects/cracklib/">CrackLib</ulink>
+   to check unencrypted passwords - this can be done by uncommenting
+   two lines in the <filename>Makefile</filename> and rebuilding the
+   module. We cannot include <productname>CrackLib</productname>
+   by default for license reasons.
+  </para>
+ </sect1>