patternsqlMinor
Is there any way to prevent a PostgreSQL user to change his/her own password?
Viewed 0 times
postgresqlherpreventhisuseranywaypasswordownthere
Problem
I'm administering a PotsgreSQL server and recently I realized that my "nonsuperuser" users have the possibility to change the secure passwords that I assign them for insecure ones.
I searched in the
Thanks in advance!
I searched in the
REVOKE docs, but I couldn't find a way to prevent that. It is possible?Thanks in advance!
Solution
AFAIK, there is no way to prevent a user from changing his/her password. It's been discussed (quite long ago) on ocassion on PostgreSQL mailing list, and all the answers I remember were basically "no, you can't".
However, there's a contrib module, called
From the docs:
The
To enable this module, add
I've never used the module myself.
However, there's a contrib module, called
passwordcheck, whose objective is to guarantee the strength of passwords, if that's what you wish (as already commented by @RDFozz).From the docs:
The
passwordcheck module checks users' passwords whenever they are set with CREATE ROLE or ALTER ROLE. If a password is considered too weak, it will be rejected and the command will terminate with an error.To enable this module, add
'$libdir/passwordcheck' to shared_preload_libraries in postgresql.conf, then restart the server.I've never used the module myself.
Context
StackExchange Database Administrators Q#176205, answer score: 7
Revisions (0)
No revisions yet.