2023-04-06 - Version 1.0.0
This release adds a major feature called Password Reuse Policy and
the ability to force the use of an expiration date for a password.
It also prevent PostgreSQL to expose the password in the logs in case
of error and fixes some issues reported by users since the past 6 months.
-
Add Password Reuse Policy feature. This implementation use a dedicated
shared memory storage to share the password history between all database.The module must be loaded by adding credcheck to shared_preload_libraries
in postgresql.conf, because it requires additional shared memory.
This means that a server restart is needed to add or remove the module.When credcheck is active, it stores password history across all databases
of the server. To access and manipulate this history, the module provides a
view pg_password_history and the utility functions pg_password_history_reset()
and pg_password_history_timestamp(). These are not available globally but can
be enabled for a specific database with CREATE EXTENSION credcheck.The password history is stored in share memory and written to disk in
file $PGDATA/global/pg_password_history to be loaded at startup. The
share memory history size is set to 65535 records by default and can
be adjusted using the credcheck.history_max_size configuration
directive. Change of this GUC require a PostgreSQL restart. One record
in the history takes 144 bytes so the default is to allocate around
10 MB of additional shared memory for the password history.Two settings allow to control the behavior of this feature:
- credcheck.password_reuse_history: number of distinct passwords set
before a password can be reused. - credcheck.password_reuse_interval: amount of time it takes before a
password can be reused again.
The default value for these settings are 0 which means that all password
reuse policies are disabled.The password history consists of passwords a user has been assigned in
the past. credcheck can restrict new passwords from being chosen from
this history:- If an account is restricted on the basis of number of password changes,
a new password cannot be chosen from the password_reuse_history most
recent passwords. For example, minimum number of password changes is
set to 3, a new password cannot be the same as any of the most recent
3 passwords. - If an account is restricted based on time elapsed, a new password can't
be chosen from those in the history that are newer than the number of
day set to password_reuse_interval. For example, if the password reuse
interval is set to 365, new password must not be among those previously
chosen within the last year.
Thanks to Umair Shahid and Gabi201265 for the feature request.
- credcheck.password_reuse_history: number of distinct passwords set
-
Force PostgreSQL to not expose the password in the log when an error
in CREATE/ALTER role occurs. This behavior can be disabled by setting
the custom variable credcheck.no_password_logging to off. -
Add possibility to enforce the use of an expiration date for a password
with a life time of a specific number of days. Ex:
credcheck.password_valid_until = 60
the password life time must be at least of two months.
Thanks to Umair Shahid for the feature request. -
Allow credcheck to check the user name in CREATE USER statement without
option PASSWORD. Thanks to freeDev84 for the feature report. -
Force credcheck settings to be set/changed only by a superuser.
This fix will break backward compatibility if you use SET credcheck.* on
a non superuser connection. -
Fix detection of the VALID UNTIL clause in CREATE ROLE. Thanks to did16 for
the report. -
Use errcode ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION (28000) for most error messages.