Re: passwordcheck: Log cracklib diagnostics

On 2020-08-25 15:32, Laurenz Albe wrote:
> On Tue, 2020-08-25 at 13:48 +0200, Daniel Gustafsson wrote:
>>> On 25 Aug 2020, at 12:20, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>>>
>>> A user tried to use the cracklib build-time option of the passwordcheck module.  This failed, as it turned out
becausethere was no dictionary installed in the right place, but the error was not
 
>>> properly reported, because the existing code just throws away the error message from cracklib.  Attached is a patch
thatchanges this by logging any error message returned from the cracklib call.
 
>>
>> +1 on this, it's also in line with the example documentation from cracklib.
>> The returned error is potentially a bit misleading now, as it might say claim
>> that a strong password is easily cracked if the dictionary fails load.  Given
>> that there is no way to distinguish between the class of returned errors it's
>> hard to see how we can do better though.
>>
>> While poking at this, we might as well update the docs to point to the right
>> URL for CrackLib as it moved from Sourceforge five years ago.  The attached
>> diff fixes that.
> 
> +1 on both patches.

Pushed both patches, thanks.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services