Tom Lane wrote:
> Dave Page <dpage@pgadmin.org> writes:
>
>> I would suggest that in addition to the proposed plugin, we add an
>> suset GUC (defaulting to OFF) which rejects any use of WITH ENCRYPTED
>> PASSWORD to ensure that the password complexity can be checked when
>> roles are created or modified.
>>
>
> That's going to stop us from being beat up? A GUC that forcibly
> *weakens* security? I can't see it.
>
> If you're really intent on making that happen, you can have your
> password checker plugin reject crypted passwords; we don't need
> such a questionable rule in core.
>
>
>
And you could have the plugin do that depending on a custom GUC.
cheers
andrew