Article directory
foreword
The password complexity setting of PostgreSQL database can be realized by installing the passwordcheck extension plug-in. The default password complexity rule of the plug-in is that the password length must be greater than or equal to 8, must contain letters and non-letters, and passwords cannot contain user names. If these rules still cannot meet your password strength requirements, you can also install cracklib and dictionaries to improve password strength.
1. Download the extension
The passwordcheck extension is included in the source code installation package of the PostgreSQL database, so you need to download the installation package consistent with your database version first.
Installation package download address: http://www.postgresql.org/ftp/source/
# 解压安装包
tar -zxvf postgresql-14.7.tar.gz
The decompressed postgresql-14.7/contrib/passwordcheck directory is the file directory of the passwordcheck plugin
2. Install cracklib and dictionaries
If the default password rules of the passwordcheck plugin cannot meet your needs, then you need to install cracklib and dictionaries in this step.
yum install –y cracklib-devel cracklib-dicts cracklib
3. Modify passwordcheck related configuration
Enter the source installation package folder of postgresql, enter the contrib directory, and find the passwordcheck folder
cd postgresql-14.7/contrib/passwordcheck
Edit and modify MIN_PWD_LENGTH in the passwordcheck.c file, you can change the minimum password length according to actual needs, the default value is 8, it is recommended to change it to 20 or greater. Note: The # sign here is not a comment, do not remove it.
Modify the Makefile file, remove the 2-line comment in the red box in the figure below, and modify the dictionary file and path (the file should not have the .pwd suffix, as shown in the figure below). If you don't know the path to the cracklib_dict file. You can use the find command to query, please make sure the path is correct.
find / -name cracklib_dict*
Fourth, edit and install the passwordcheck plug-in
Use the make command to compile and install the plugin.
make && make install
5. Loading module
Open the ${PGDATA?}/postgresql.conf file, modify the shared_preload_libraries parameter to include 'passwordcheck', and restart the database.
# 注意配置文件路径
vi /pgsql/postgresql/data/postgresql.conf
6. Test
Create a user to test whether the password complexity is set successfully. The prompt "ERROR: password is too short" in the figure below indicates that the setting is successful.
create user admin001 with password '123abc';
Summarize
Pay attention to the path and permissions when setting the password complexity, and troubleshoot the problem according to the error report.