Re: Maximum password length

Greetings,

* Bossart, Nathan (bossartn@amazon.com) wrote:
> On 10/12/18, 4:04 PM, "Isaac Morland" <isaac.morland@gmail.com> wrote:
> > I agree there should be a specific limit that is the same in libpq,
> > on the server, and in the protocol. Maybe 128 characters, to get a
> > nice round number? This is still way longer than the 32-byte SHA 256
> > hash. Or 64, which is still plenty but doesn't involve extending the
> > current character buffer size to a longer value while still hugely
> > exceeding the amount of information in the hash.
>
> My main motivation for suggesting the increase to 8k is to provide
> flexibility for alternative authentication methods like LDAP, RADIUS,
> PAM, and BSD.

Specific use-cases here would be better than hand-waving at "these other
things."  Last I checked, all of those work with what we've got today
and I don't recall hearing complaints about them not working due to this
limit.

Thanks!

Stephen