Re: Rejecting weak passwords

Dave Page wrote:
> I never said it wasn't - in fact I said from the outset it was about
> box-checking, and that anyone doing things properly will use
> LDAP/SSPI/Kerberos etc.

I don't understand why the box-checkers can't already check that
box; with the explanation stating "Yes - by using LDAP or GSSAPI
or PAM configured accordingly".

Or do checkbox-lists specifically say
"can postgres do XYZ with all OS security features disabled".

> Anyway, as noted in the message you quoted, the current proposal will
> allow my colleagues to check boxes, and will be implemented in a
> sensible way on the server side. And it's entirely confined to a
> plugin, so if you trust all your users, there's no need for you to
> load it at all.

Note that I'm not horribly against the feature (though I wouldn't
use it) --- just that ISTM we're checkbox-compliant already by
working with the OS, and it's perhaps more a documentation issue
than coding issue to get those boxes checked.