Docs: add passwordcheck module (#3845)

* Moving module references to 'Additional Supplied Moduels' section to better match postregsql docs organization * port postgresql passwordcheck docs

Docs: add passwordcheck module (#3845)
* Moving module references to 'Additional Supplied Moduels' section to better match postregsql docs organization * port postgresql passwordcheck docs
f8ca950f · David Yozie · GitHub · 65fef74e · f8ca950f · f8ca950f
3 changed file
--- a/gpdb-doc/dita/utility_guide/contrib-modules.xml
+++ b/gpdb-doc/dita/utility_guide/contrib-modules.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
+<topic id="topic_khf_ltc_vbb">
+  <title>Additional Supplied Modules</title>
+  <shortdesc>This section describes additional modules available in the Greenplum Database
+      <codeph>contrib</codeph> subdirectory.</shortdesc>
+</topic>
--- a/gpdb-doc/dita/utility_guide/passwordcheck.xml
+++ b/gpdb-doc/dita/utility_guide/passwordcheck.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
+<topic id="topic_lpy_ytc_vbb">
+  <title>passwordcheck</title>
+  <body>
+    <p>The <codeph>passwordcheck</codeph> module checks users' passwords whenever they are set with
+        <codeph>CREATE ROLE</codeph> or <codeph>ALTER ROLE</codeph>. If a password is considered too
+      weak, it will be rejected and the command will terminate with an error.</p>
+    <p>To enable this module, add <codeph>'$libdir/passwordcheck'</codeph> to
+        <codeph>shared_preload_libraries</codeph> in <filepath>postgresql.conf</filepath>, then
+      restart the server.</p>
+    <p>By default, this module enforces a few simple rules for password strength, which you can
+      modify or extend as you see fit. It is also possible to adapt this module to your needs by
+      modifying the <filepath>Makefile</filepath> and rebuilding the module. <note
+        class="- topic/note " type="caution">To prevent unencrypted passwords from being sent across
+        the network, written to the server log, or otherwise stolen by a database administrator,
+        Greenplum Database enables you to supply pre-encrypted passwords. Many client programs make
+        use of this functionality and encrypt the password before sending it to the server.This
+        limits the usefulness of the <codeph>passwordcheck</codeph> module, because in that case it
+        can only try to guess the password. For this reason, <codeph>passwordcheck</codeph> is not
+        recommended if your security requirements are high. It is more secure to use an external
+        authentication method such as Kerberos than to rely on passwords within the database.
+        Alternatively, you could modify <codeph>passwordcheck</codeph> to reject pre-encrypted
+        passwords, but forcing users to set their passwords in clear text carries its own security
+        risks.</note></p>
+  </body>
+</topic>
--- a/gpdb-doc/dita/utility_guide/utility_guide.ditamap
+++ b/gpdb-doc/dita/utility_guide/utility_guide.ditamap
@@ -62,8 +62,11 @@
                <topicref href="client_utilities/vacuumdb.xml"/>
            </topicref>
        </topicref>
-        <topicref href="orafce_ref.xml"/>
-        <topicref href="dblink.xml"/>
-        <topicref href="hstore.xml"/>
+        <topicref href="contrib-modules.xml">
+            <topicref href="dblink.xml"/>
+            <topicref href="hstore.xml"/>
+            <topicref href="orafce_ref.xml"/>
+            <topicref href="passwordcheck.xml"/>
+        </topicref>
    </topicref>
 </map>