Password Policy

2007/2/10, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com>:

Hi list,

Is there any password polity that postgresql implement ?

It is possible to put a set all no administrators passwords to = '123456'
from times and times ?

Has anyone implement a dinamic password autentication (the password changes
according the date/month etc of a day ) ?

Are you sure you are posting to the correct list? The postgresql
general list is:
http://archives.postgresql.org/pgsql-general/

Regards,
--
Clodoaldo Pinto Neto

Clodoaldo wrote:

2007/2/10, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com>:

Hi list,

Is there any password polity that postgresql implement ?

It is possible to put a set all no administrators passwords to =
'123456'
from times and times ?

Has anyone implement a dinamic password autentication (the password
changes
according the date/month etc of a day ) ?

Are you sure you are posting to the correct list? The postgresql
general list is:
http://archives.postgresql.org/pgsql-general/

Regards,

pgsql-admin would also be appropriate to help with this.

Regards
Andy

Hi list (my first post),

Is there any password polity that postgresql implement ?

It is possible to put a set all no administrators passwords to = '123456'
from times and times ?

Has anyone implement a dinamic password autentication (the password
changes according the date/month etc of a day ) ?

Is there any function to encript, decript plain text in PostgreSQL and if
it is aplicable ?

Regards ...

In the last exciting episode, ezequias.rocha@gmail.com ("Ezequias Rodrigues da Rocha") wrote:

Hi list (my first post),

Is there any password polity that postgresql implement ?

No, that would be a serious mistake, as it would prevent people from
having local policies that differed from the "PostgreSQL�policy."

It is possible to put a set all no administrators passwords to
= '123456' from times and times ?

I'm not quite certain what you mean by that...

Do you mean you want to be able to set all non-administrators'
passwords to some particular value?

You could do that by setting one user's password to a particular
plaintext form, and then alter the others to match it.

Thus:

alter user stalking_horse password to '123456';
update pg_shadow set passwd = (select passwd from pg_shadow where usename = 'stalking_horse') and not usesuper;

I'm not sure that's an entirely wonderful policy, though.

Has anyone implement a dinamic password autentication (the password
changes according the date/month etc of a day ) ?

Well, you could use ident-based authentication, and then use some
wacky method to authenticate the user at the Unix level via PAM...

Changing passwords that often strikes me as being the wrong kind of
approach to this. Having a flurry of passwords that users can't
possibly remember is a clear route to having passwords sitting on
Post-It notes on cubicles.

I'd be much more inclined to use an unrememberable random password,
stowed in ~/.pgpass, which doesn't need to expire terribly often.

The other option would be to use ssh style keys for authentication;
that isn't possible now, but would be an attractive feature.

Is there any function to encript, decript plain text in PostgreSQL�
and if� it is aplicable ?

There is a contrib module, pgcrypto, which is quite suitable for such
purposes...
--
output = ("cbbrowne" "@" "gmail.com")
http://linuxfinances.info/info/emacs.html
The purpose of an undergraduate education at MIT is to give you a case
of post-traumatic stress syndrome that won't wear off for forty years.

Ezequias Rodrigues da Rocha wrote:

Hi list,

Is there any password polity that postgresql implement ?

It is possible to put a set all no administrators passwords to = '123456'
from times and times ?

Has anyone implement a dinamic password autentication (the password changes
according the date/month etc of a day ) ?

Use PAM/LDAP/Kerberos to handle your passwords and you have access to
all sorts of options.

--
Richard Huxton
Archonet Ltd