Re: Query on User account password change details
From | Bruce Momjian |
---|---|
Subject | Re: Query on User account password change details |
Date | |
Msg-id | 20210507141005.GB10431@momjian.us |
In reply to | Re: Query on User account password change details (Ron <ronljohnsonjr@gmail.com>) |
Responses | Re: Query on User account password change details; Re: Query on User account password change details |
List | pgsql-admin |
On Fri, May 7, 2021 at 08:55:15AM -0500, Ron wrote:
> On 5/7/21 7:30 AM, Scott Ribe wrote:
> > > On May 6, 2021, at 11:40 PM, Ron <ronljohnsonjr@gmail.com> wrote:
> > >
> > > Comments like this are indicative of someone who's never been through an external audit.
> > While maybe true, the point stands that even the original source of the requirement has admitted it's a bad idea, and standards bodies are dropping it. So, unlike many other things we might consider pointless, with this one, you have the kind of defense that might work in an audit.
>
> The problem is that Postgresql allows Really Short Passwords without
> uttering a peep, and that's not defensible to an auditor.
>
> psql (12.5 (Ubuntu 12.5-1.pgdg18.04+1))
> Type "help" for help.
>
> postgres=# create role foo password 'a';
> CREATE ROLE
> postgres=#

Have you considered passwordcheck?

https://www.postgresql.org/docs/13/passwordcheck.html

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

If only the physical world exists, free will is an illusion.
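Added example (not part of the message above and not PostgreSQL's own code): a Python model of the checks the passwordcheck module applies when a password is set, run against the `create role foo password 'a'` case from the thread. It also shows the module's blind spot: a password hashed by the client before it reaches the server can only be compared against the user name, not checked for length. The function names, the `unchecked` result and the 8-byte minimum are assumptions of this example.

```python
import hashlib
import re

MIN_PWD_LENGTH = 8  # assumption: the module's compiled-in minimum, in bytes

# Shapes of verifiers a client may send already hashed (e.g. psql's \password).
MD5_RE = re.compile(r"md5[0-9a-f]{32}")
SCRAM_PREFIX = "SCRAM-SHA-256$"


def pg_md5(password: str, username: str) -> str:
    """PostgreSQL md5 verifier: 'md5' + md5(password || username)."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()


def check_password(username: str, supplied: str) -> str:
    """Return 'ok', 'unchecked', or the reason the password is rejected."""
    if MD5_RE.fullmatch(supplied):
        # Pre-hashed: length and character classes are no longer visible,
        # so the only possible test is "is the password the user name?".
        if supplied == pg_md5(username, username):
            return "password must not equal user name"
        return "unchecked"
    if supplied.startswith(SCRAM_PREFIX):
        # Salted verifier; this model does not attempt the user-name guess.
        return "unchecked"
    if len(supplied.encode()) < MIN_PWD_LENGTH:
        return "password is too short"
    if username in supplied:
        return "password must not contain user name"
    # Non-ASCII characters count as non-letters in this model.
    letters = [c.isascii() and c.isalpha() for c in supplied]
    if not (any(letters) and not all(letters)):
        return "password must contain both letters and nonletters"
    return "ok"


if __name__ == "__main__":
    # Constructed inputs; role "foo" and password 'a' come from the thread.
    samples = [
        ("foo", "a"),
        ("foo", "foo12345"),
        ("foo", "abcdefgh"),
        ("foo", "c0rrect-horse"),
        ("foo", pg_md5("a", "foo")),    # 'a' hashed client-side
        ("foo", pg_md5("foo", "foo")),  # password equal to the user name
    ]
    for user, pw in samples:
        print(f"{pw[:16]:<18} -> {check_password(user, pw)}")
```

For an audit, the `unchecked` rows are the ones to account for: enforcing length there requires that passwords reach the server unhashed or are vetted before hashing.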