From: Dave Page on
On Thu, Oct 1, 2009 at 1:53 PM, Albe Laurenz <laurenz.albe(a)wien.gv.at> wrote:
> In the discussion following
> http://archives.postgresql.org/pgsql-hackers/2009-09/msg01766.php
> the consensus was that a hook that allows you to implement
> a password checking routine as a module "would not hurt".
>
> So here's the patch.
> I don't think there is documentation required;
> correct me if I am wrong.

How will people know how to use it, or that it's even there without at
least a note in the docs somewhere?

--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Andrew Dunstan on


Dave Page wrote:
> On Thu, Oct 1, 2009 at 1:53 PM, Albe Laurenz <laurenz.albe(a)wien.gv.at> wrote:
>
>> In the discussion following
>> http://archives.postgresql.org/pgsql-hackers/2009-09/msg01766.php
>> the consensus was that a hook that allows you to implement
>> a password checking routine as a module "would not hurt".
>>
>> So here's the patch.
>> I don't think there is documentation required;
>> correct me if I am wrong.
>>
>
> How will people know how to use it, or that it's even there without at
> least a note in the docs somewhere?
>
>

I'd prefer to have an example as a contrib module, as well as docs.
Quite apart from anything else, how the heck would we test it without
such a thing?

cheers

andrew

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: "Albe Laurenz" on
Andrew Dunstan wrote:
>>> So here's the patch.
>>> I don't think there is documentation required;
>>> correct me if I am wrong.
>>
>> How will people know how to use it, or that it's even there without at
>> least a note in the docs somewhere?
>
> I'd prefer to have an example as a contrib module, as well as docs.
> Quite apart from anything else, how the heck would we test it without
> such a thing?

I was not sure because no other hooks were documented anywhere else
than in the code.

I could add a paragraph in the "auth-password" section of
client-auth.sgml. Or is there a better place?

I could easily write a simple contrib that adds a check for
username = password if there is interest.

Yours,
Laurenz Albe

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Magnus Hagander on
On Thu, Oct 1, 2009 at 15:26, Albe Laurenz <laurenz.albe(a)wien.gv.at> wrote:
> Andrew Dunstan wrote:
>>>> So here's the patch.
>>>> I don't think there is documentation required;
>>>> correct me if I am wrong.
>>>
>>> How will people know how to use it, or that it's even there without at
>>> least a note in the docs somewhere?
>>
>> I'd prefer to have an example as a contrib module, as well as docs.
>> Quite apart from anything else, how the heck would we test it without
>> such a thing?
>
> I was not sure because no other hooks were documented anywhere else
> than in the code.
>
> I could add a paragraph in the "auth-password" section of
> client-auth.sgml. Or is there a better place?
>
> I could easily write a simple contrib that adds a check for
> username = password if there is interest.

I think it's better to have an actually *useful* contrib module for
it, if there is one. Meaning perhaps something that links to that
cracklib thing mentioned upthread.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Kenneth Marshall on
On Thu, Oct 01, 2009 at 03:54:37PM +0200, Magnus Hagander wrote:
> On Thu, Oct 1, 2009 at 15:26, Albe Laurenz <laurenz.albe(a)wien.gv.at> wrote:
> > Andrew Dunstan wrote:
> >>>> So here's the patch.
> >>>> I don't think there is documentation required;
> >>>> correct me if I am wrong.
> >>>
> >>> How will people know how to use it, or that it's even there without at
> >>> least a note in the docs somewhere?
> >>
> >> I'd prefer to have an example as a contrib module, as well as docs.
> >> Quite apart from anything else, how the heck would we test it without
> >> such a thing?
> >
> > I was not sure because no other hooks were documented anywhere else
> > than in the code.
> >
> > I could add a paragraph in the "auth-password" section of
> > client-auth.sgml. Or is there a better place?
> >
> > I could easily write a simple contrib that adds a check for
> > username = password if there is interest.
>
> I think it's better to have an actually *useful* contrib module for
> it, if there is one. Meaning perhaps something that links to that
> cracklib thing mentioned upthread.
>

+1 for a sample module that will allow cracklib to drop in.

Cheers,
Ken

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers