Password Security Standards on PostgreSQL

Started by MURAT KOÇ · about 13 years ago · 6 messages · general
#1MURAT KOÇ
m.koc21@gmail.com

Hi list,

In Oracle, a user profile (called a "PROFILE") can be created, and this
profile can have the specifications below:

PASSWORD_LIFE_TIME (describes when the password will expire)
FAILED_LOGIN_ATTEMPTS (specifies the number of failed login attempts before
the user account is locked)
PASSWORD_LOCK_TIME (specifies how long the user account stays locked after
the failed login attempt limit is exceeded)
PASSWORD_VERIFY_FUNCTION (allows setting a strong password verify
function - min characters, password complexity)

Does PostgreSQL have any capability like this, apart from LDAP, Kerberos or PAM
authentication?

Regards,
Murat KOC

#2Adrian Klaver
adrian.klaver@aklaver.com
In reply to: MURAT KOÇ (#1)
Re: Password Security Standards on PostgreSQL

On 03/07/2013 03:10 AM, MURAT KOÇ wrote:

> Hi list,
> In Oracle, a user profile (called a "PROFILE") can be created, and this
> profile can have the specifications below:
> PASSWORD_LIFE_TIME (describes when the password will expire)
> FAILED_LOGIN_ATTEMPTS (specifies the number of failed login attempts before
> the user account is locked)
> PASSWORD_LOCK_TIME (specifies how long the user account stays locked
> after the failed login attempt limit is exceeded)
> PASSWORD_VERIFY_FUNCTION (allows setting a strong password verify
> function - min characters, password complexity)
> Does PostgreSQL have any capability like this, apart from LDAP, Kerberos or PAM
> authentication?

The only part of the above that I know of is VALID UNTIL
(PASSWORD_LIFE_TIME) from below:

http://www.postgresql.org/docs/9.2/interactive/sql-createrole.html

> Regards,
> Murat KOC

--
Adrian Klaver
adrian.klaver@gmail.com

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
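Added example (not part of Adrian's post) showing how VALID UNTIL is set on a role and how an administrator can audit which login roles have an expired password or no expiry at all. The role name report_user and the placeholder password are constructed for illustration; pg_roles.rolvaliduntil and rolcanlogin are the real catalog columns.

```sql
-- Constructed example: create a login role whose password expires on a fixed date.
CREATE ROLE report_user LOGIN PASSWORD 'placeholder-change-me'
    VALID UNTIL '2013-06-30 00:00:00+00';

-- Extend (or shorten) the expiry later without touching the password.
ALTER ROLE report_user VALID UNTIL '2013-09-30 00:00:00+00';

-- Audit: list every login role with its password-expiry status.
-- rolvaliduntil is NULL when VALID UNTIL was never set; 'infinity' is also possible.
SELECT rolname,
       rolvaliduntil,
       CASE
         WHEN rolvaliduntil IS NULL OR rolvaliduntil = 'infinity' THEN 'never expires'
         WHEN rolvaliduntil < now()                             THEN 'expired'
         ELSE 'valid'
       END AS status
FROM pg_roles
WHERE rolcanlogin
ORDER BY rolvaliduntil NULLS FIRST;
```

Caveat a reviewer would want stated: VALID UNTIL expires the password only, not the role itself. Once it has passed, password-based authentication fails, but a role that is also reachable through a pg_hba.conf method that does not ask for a password (peer, trust, or an external method such as those the thread mentions) can still log in, so the audit above should be read alongside pg_hba.conf.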

#3Laurenz Albe
laurenz.albe@cybertec.at
In reply to: MURAT KOÇ (#1)
Re: Password Security Standards on PostgreSQL

MURAT KOÇ wrote:

> In Oracle, a user profile (called a "PROFILE") can be created, and this profile can have the
> specifications below:
>
> PASSWORD_LIFE_TIME (describes when the password will expire)
> FAILED_LOGIN_ATTEMPTS (specifies the number of failed login attempts before the user account is locked)
> PASSWORD_LOCK_TIME (specifies how long the user account stays locked after the failed login attempt
> limit is exceeded)
> PASSWORD_VERIFY_FUNCTION (allows setting a strong password verify function - min characters,
> password complexity)
>
> Does PostgreSQL have any capability like this, apart from LDAP, Kerberos or PAM authentication?

There's the "passwordcheck" contrib:
http://www.postgresql.org/docs/current/static/passwordcheck.html
It does the same thing as Oracle's PASSWORD_VERIFY_FUNCTION.
You can write your own password checking function.
This way you can also force a certain password expiry date
(PostgreSQL does not have a password life time).

Yours,
Laurenz Albe


#4Victor Yegorov
vyegorov@gmail.com
In reply to: Laurenz Albe (#3)
Re: Password Security Standards on PostgreSQL

2013/3/8 Albe Laurenz <laurenz.albe@wien.gv.at>

> This way you can also force a certain password expiry date
> (PostgreSQL does not have a password life time).

What about ALTER ROLE ... VALID UNTIL 'timestamp' ?

--
Victor Y. Yegorov

#5Laurenz Albe
laurenz.albe@cybertec.at
In reply to: Victor Yegorov (#4)
Re: Password Security Standards on PostgreSQL

Victor Yegorov wrote:

> 2013/3/8 Albe Laurenz <laurenz.albe@wien.gv.at>
>
>> This way you can also force a certain password expiry date
>> (PostgreSQL does not have a password life time).
>
> What about ALTER ROLE ... VALID UNTIL 'timestamp' ?

That's the password expiry date.

Oracle's concept is different: it sets a limit on the time
between password changes.
There is no such thing in PostgreSQL.

Yours,
Laurenz Albe


#6Chris Travers
chris.travers@gmail.com
In reply to: Laurenz Albe (#5)
Re: Password Security Standards on PostgreSQL

On Fri, Mar 8, 2013 at 4:07 AM, Albe Laurenz <laurenz.albe@wien.gv.at> wrote:

> Victor Yegorov wrote:
>
>> 2013/3/8 Albe Laurenz <laurenz.albe@wien.gv.at>
>>
>>> This way you can also force a certain password expiry date
>>> (PostgreSQL does not have a password life time).
>>
>> What about ALTER ROLE ... VALID UNTIL 'timestamp' ?
>
> That's the password expiry date.
>
> Oracle's concept is different: it sets a limit on the time
> between password changes.
> There is no such thing in PostgreSQL.

BTW, your suggestion to use a function here is exactly what we do in
LedgerSMB. Password expiration is forced to be now() + an interval
specified in a configuration table.

It would be nice to be able to do handling of failed login attempts, but
currently I don't think that's possible from within PostgreSQL (i.e.
without external auth).
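Added example, not LedgerSMB's code and not the passwordcheck contrib's code, illustrating both Laurenz's suggestion in #3 (a password-checking function of your own, covering what PASSWORD_VERIFY_FUNCTION does in Oracle) and the approach Chris describes in #6 (password expiry forced to now() plus an interval read from a configuration table). The table password_policy, the functions check_password_policy and set_role_password, and the role name app_user are assumed names chosen for the example; the rules checked (minimum length, password must not contain the role name, must mix letters and non-letters) are the same kind of rules the passwordcheck module enforces.

```sql
-- Single-row configuration table (assumed name); the CHECK keeps it to one row.
CREATE TABLE password_policy (
    id            int      PRIMARY KEY CHECK (id = 1),
    min_length    int      NOT NULL DEFAULT 8,
    max_lifetime  interval NOT NULL DEFAULT '90 days'
);
INSERT INTO password_policy (id) VALUES (1);

-- Policy check (assumed name). Raises an exception on the first violated rule,
-- so the caller's transaction aborts and no ALTER ROLE is executed.
CREATE OR REPLACE FUNCTION check_password_policy(p_role text, p_password text)
RETURNS void LANGUAGE plpgsql AS $$
DECLARE
    pol password_policy%ROWTYPE;
BEGIN
    SELECT * INTO pol FROM password_policy WHERE id = 1;
    IF length(p_password) < pol.min_length THEN
        RAISE EXCEPTION 'password must be at least % characters', pol.min_length;
    END IF;
    IF position(lower(p_role) IN lower(p_password)) > 0 THEN
        RAISE EXCEPTION 'password must not contain the role name';
    END IF;
    IF p_password !~ '[A-Za-z]' OR p_password !~ '[^A-Za-z]' THEN
        RAISE EXCEPTION 'password must contain both letters and non-letters';
    END IF;
END;
$$;

-- Sets the password and forces VALID UNTIL to now() + the configured lifetime
-- (assumed name). SECURITY DEFINER lets a helpdesk role be granted EXECUTE
-- without receiving CREATEROLE itself; the owner of this function must hold
-- CREATEROLE. search_path is pinned so a caller cannot substitute objects.
-- format() with %I and %L quotes the identifier and literals, so the dynamic
-- ALTER ROLE cannot be broken out of by a crafted role name or password.
CREATE OR REPLACE FUNCTION set_role_password(p_role text, p_password text)
RETURNS timestamptz LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, public AS $$
DECLARE
    expires timestamptz;
BEGIN
    PERFORM check_password_policy(p_role, p_password);
    SELECT now() + max_lifetime INTO expires FROM password_policy WHERE id = 1;
    EXECUTE format('ALTER ROLE %I PASSWORD %L VALID UNTIL %L',
                   p_role, p_password, expires);
    RETURN expires;
END;
$$;
REVOKE ALL ON FUNCTION set_role_password(text, text) FROM PUBLIC;

-- Constructed usage:
--   SELECT set_role_password('app_user', 'correct-horse-7');  -- returns the new expiry
--   SELECT set_role_password('app_user', 'short');            -- raises: password must be at least 8 characters
```

Two points worth knowing before using something like this. First, the plaintext password travels to the server as an ordinary function argument, so with log_statement = 'all' (or a statement-logging extension) it ends up in the server log; the same is true of a plain ALTER ROLE ... PASSWORD, which is why pg_hba.conf and log access deserve the same attention as the policy itself. Second, this function only governs passwords set through it; an ALTER ROLE issued directly by someone with CREATEROLE bypasses check_password_policy, which is exactly the gap the passwordcheck hook Laurenz points to is meant to close, and, as Chris notes, neither mechanism covers failed-login counting or lockout.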