<!-- doc/src/sgml/passwordcheck.sgml -->

<sect1 id="passwordcheck" xreflabel="passwordcheck">
 <title>passwordcheck</title>

 <indexterm zone="passwordcheck">
  <primary>passwordcheck</primary>
 </indexterm>

 <para>
  The <filename>passwordcheck</filename> module checks users' passwords
  whenever they are set with
  <xref linkend="sql-createrole"/> or
  <xref linkend="sql-alterrole"/>.
  If a password is considered too weak, it will be rejected and
  the command will terminate with an error.
 </para>

 <para>
  To enable this module, add <literal>'$libdir/passwordcheck'</literal>
  to <xref linkend="guc-shared-preload-libraries"/> in
  <filename>postgresql.conf</filename>, then restart the server.
 </para>

 <para>
  You can adapt this module to your needs by changing the source code.
  For example, you can use
  <ulink url="https://sourceforge.net/projects/cracklib/">CrackLib</ulink>
  to check passwords &mdash; this only requires uncommenting
  two lines in the <filename>Makefile</filename> and rebuilding the
  module.  (We cannot include <productname>CrackLib</productname>
  by default for license reasons.)
  Without <productname>CrackLib</productname>, the module enforces a few
  simple rules for password strength, which you can modify or extend
  as you see fit.
 </para>

 <caution>
  <para>
   To prevent unencrypted passwords from being sent across the network,
   written to the server log or otherwise stolen by a database administrator,
   <productname>PostgreSQL</productname> allows the user to supply
   pre-encrypted passwords. Many client programs make use of this
   functionality and encrypt the password before sending it to the server.
  </para>
  <para>
   This limits the usefulness of the <filename>passwordcheck</filename>
   module, because in that case it can only try to guess the password.
   For this reason, <filename>passwordcheck</filename> is not
   recommended if your security requirements are high.
   It is more secure to use an external authentication method such as GSSAPI
   (see <xref linkend="client-authentication"/>) than to rely on
   passwords within the database.
  </para>
  <para>
   Alternatively, you could modify <filename>passwordcheck</filename>
   to reject pre-encrypted passwords, but forcing users to set their
   passwords in clear text carries its own security risks.
  </para>
 </caution>
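
 <para>
  The limitation described in the caution above, as an added Python sketch
  that is not the module's own code: when a password arrives pre-encrypted,
  a check can only hash its own guesses and compare, so length and character
  rules can never be evaluated. The function names, the sample role, the
  salt and the deny list are constructed for illustration; SASLprep is
  omitted, so ASCII passwords are assumed.
 </para>

```python
import base64
import hashlib
import hmac

ROLE = "alice"            # constructed sample role name
SALT = bytes(range(16))   # constructed salt; a real client picks it at random

def pg_md5(password, role):
    """Legacy verifier: 'md5' followed by hex md5 of password + role name."""
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()

def pg_scram(password, salt, iterations=4096):
    """SCRAM-SHA-256 verifier built from the RFC 5802 key derivation."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return "SCRAM-SHA-256$%d:%s$%s:%s" % (
        iterations, b64(salt), b64(stored_key), b64(server_key))

def matches(verifier, role, guess):
    """True if hashing `guess` reproduces the supplied verifier."""
    if verifier.startswith("md5") and len(verifier) == 35:
        return hmac.compare_digest(verifier, pg_md5(guess, role))
    if verifier.startswith("SCRAM-SHA-256$"):
        try:
            params, _keys = verifier[len("SCRAM-SHA-256$"):].split("$")
            iterations, salt_b64 = params.split(":")
            candidate = pg_scram(guess, base64.b64decode(salt_b64),
                                 int(iterations))
        except ValueError:        # malformed verifier: nothing to compare
            return False
        return hmac.compare_digest(verifier, candidate)
    return False                  # unknown format

def check_preencrypted(verifier, role, denylist=()):
    """Policy decision for a password that arrives already hashed."""
    for guess in (role, *denylist):
        if matches(verifier, role, guess):
            return "reject"
    return "unverifiable"         # strength rules cannot be applied

if __name__ == "__main__":
    print(check_preencrypted(pg_scram(ROLE, SALT), ROLE))  # password == role
    print(check_preencrypted(pg_md5("a", ROLE), ROLE))     # one-character password
```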

</sect1>
