github HexaCluster/credcheck v1.0
Version 1.0.0

latest releases: v3.0, v2.8, v2.7...
21 months ago

2023-04-06 - Version 1.0.0

This release adds a major feature called Password Reuse Policy and
the ability to force the use of an expiration date for a password.
It also prevent PostgreSQL to expose the password in the logs in case
of error and fixes some issues reported by users since the past 6 months.

  • Add Password Reuse Policy feature. This implementation use a dedicated
    shared memory storage to share the password history between all database.

    The module must be loaded by adding credcheck to shared_preload_libraries
    in postgresql.conf, because it requires additional shared memory.
    This means that a server restart is needed to add or remove the module.

    When credcheck is active, it stores password history across all databases
    of the server. To access and manipulate this history, the module provides a
    view pg_password_history and the utility functions pg_password_history_reset()
    and pg_password_history_timestamp(). These are not available globally but can
    be enabled for a specific database with CREATE EXTENSION credcheck.

    The password history is stored in share memory and written to disk in
    file $PGDATA/global/pg_password_history to be loaded at startup. The
    share memory history size is set to 65535 records by default and can
    be adjusted using the credcheck.history_max_size configuration
    directive. Change of this GUC require a PostgreSQL restart. One record
    in the history takes 144 bytes so the default is to allocate around
    10 MB of additional shared memory for the password history.

    Two settings allow to control the behavior of this feature:

    • credcheck.password_reuse_history: number of distinct passwords set
      before a password can be reused.
    • credcheck.password_reuse_interval: amount of time it takes before a
      password can be reused again.

    The default value for these settings are 0 which means that all password
    reuse policies are disabled.

    The password history consists of passwords a user has been assigned in
    the past. credcheck can restrict new passwords from being chosen from
    this history:

    • If an account is restricted on the basis of number of password changes,
      a new password cannot be chosen from the password_reuse_history most
      recent passwords. For example, minimum number of password changes is
      set to 3, a new password cannot be the same as any of the most recent
      3 passwords.
    • If an account is restricted based on time elapsed, a new password can't
      be chosen from those in the history that are newer than the number of
      day set to password_reuse_interval. For example, if the password reuse
      interval is set to 365, new password must not be among those previously
      chosen within the last year.

    Thanks to Umair Shahid and Gabi201265 for the feature request.

  • Force PostgreSQL to not expose the password in the log when an error
    in CREATE/ALTER role occurs. This behavior can be disabled by setting
    the custom variable credcheck.no_password_logging to off.

  • Add possibility to enforce the use of an expiration date for a password
    with a life time of a specific number of days. Ex:
    credcheck.password_valid_until = 60
    the password life time must be at least of two months.
    Thanks to Umair Shahid for the feature request.

  • Allow credcheck to check the user name in CREATE USER statement without
    option PASSWORD. Thanks to freeDev84 for the feature report.

  • Force credcheck settings to be set/changed only by a superuser.
    This fix will break backward compatibility if you use SET credcheck.* on
    a non superuser connection.

  • Fix detection of the VALID UNTIL clause in CREATE ROLE. Thanks to did16 for
    the report.

  • Use errcode ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION (28000) for most error messages.

Don't miss a new credcheck release

NewReleases is sending notifications on new releases.