In the discussion following
http://archives.postgresql.org/pgsql-hackers/2009-09/msg01766.php
the consensus was that a hook that allows you to implement
a password checking routine as a module "would not hurt".
So here's the patch.
I don't think there is documentation required;
correct me if I am wrong.
Yours,
Laurenz Albe