credcheck

明文凭证检查器

概览

扩展包名版本分类许可证语言
credcheck5.0SECMITC
ID扩展名BinLibLoadCreateTrustReloc模式
7310credcheck-
相关扩展passwordcheck_cracklib login_hook passwordcheck pgaudit pg_auth_mon set_user auth_delay pg_permissions

版本

类型仓库版本PG 大版本包名依赖
EXTPGDG5.01817161514credcheck-
RPMPGDG4.71817161514credcheck_$v-
DEBPGDG5.01817161514postgresql-$v-credcheck-
OS / PGPG18PG17PG16PG15PG14
el8.x86_64
el8.aarch64
el9.x86_64
el9.aarch64
PGDG 4.7
el9.aarch64.pg15 : credcheck_15
credcheck_15-4.7-1PGDG.rhel9.8.aarch64.rpm PGDG · 4.7 · 40.7KiB credcheck_15-4.7-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.7 · 40.7KiB credcheck_15-4.7-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.7 · 40.8KiB credcheck_15-4.6-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.6 · 40.2KiB credcheck_15-4.6-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.6 · 40.3KiB credcheck_15-4.5-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.5 · 40.2KiB credcheck_15-4.5-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.5 · 40.3KiB credcheck_15-4.4-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.4 · 39.6KiB credcheck_15-4.4-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.4 · 39.7KiB credcheck_15-4.3-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.3 · 39.6KiB credcheck_15-4.3-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.3 · 39.7KiB credcheck_15-4.2-1PGDG.rhel9.aarch64.rpm PGDG · 4.2 · 38.9KiB credcheck_15-4.1-1PGDG.rhel9.aarch64.rpm PGDG · 4.1 · 38.7KiB credcheck_15-3.0-1PGDG.rhel9.aarch64.rpm PGDG · 3.0 · 35.8KiB credcheck_15-2.7-1PGDG.rhel9.aarch64.rpm PGDG · 2.7 · 34.8KiB credcheck_15-2.6-1PGDG.rhel9.aarch64.rpm PGDG · 2.6 · 34.5KiB credcheck_15-2.2-1PGDG.rhel9.aarch64.rpm PGDG · 2.2 · 32.9KiB credcheck_15-2.1-1PGDG.rhel9.aarch64.rpm PGDG · 2.1 · 31.8KiB credcheck_15-2.0-1.rhel9.aarch64.rpm PGDG · 2.0 · 30.9KiB credcheck_15-1.2-1.rhel9.aarch64.rpm PGDG · 1.2 · 27.5KiB credcheck_15-1.0-1.rhel9.aarch64.rpm PGDG · 1.0 · 26.9KiB credcheck_15-0.2.0-3.rhel9.aarch64.rpm PGDG · 0.2.0 · 18.1KiB credcheck_15-0.2.0-1.rhel9.aarch64.rpm PGDG · 0.2.0 · 35.5KiB
PGDG 4.7
el9.aarch64.pg14 : credcheck_14
credcheck_14-4.7-1PGDG.rhel9.8.aarch64.rpm PGDG · 4.7 · 40.6KiB credcheck_14-4.7-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.7 · 40.6KiB credcheck_14-4.7-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.7 · 40.7KiB credcheck_14-4.6-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.6 · 40.2KiB credcheck_14-4.6-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.6 · 40.3KiB credcheck_14-4.5-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.5 · 40.2KiB credcheck_14-4.5-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.5 · 40.3KiB credcheck_14-4.4-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.4 · 39.5KiB credcheck_14-4.4-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.4 · 39.9KiB credcheck_14-4.3-1PGDG.rhel9.7.aarch64.rpm PGDG · 4.3 · 39.5KiB credcheck_14-4.3-1PGDG.rhel9.6.aarch64.rpm PGDG · 4.3 · 39.6KiB credcheck_14-4.2-1PGDG.rhel9.aarch64.rpm PGDG · 4.2 · 39.0KiB credcheck_14-4.1-1PGDG.rhel9.aarch64.rpm PGDG · 4.1 · 38.6KiB credcheck_14-3.0-1PGDG.rhel9.aarch64.rpm PGDG · 3.0 · 35.6KiB credcheck_14-2.7-1PGDG.rhel9.aarch64.rpm PGDG · 2.7 · 34.8KiB credcheck_14-2.6-1PGDG.rhel9.aarch64.rpm PGDG · 2.6 · 34.4KiB credcheck_14-2.2-1PGDG.rhel9.aarch64.rpm PGDG · 2.2 · 32.8KiB credcheck_14-2.1-1PGDG.rhel9.aarch64.rpm PGDG · 2.1 · 31.7KiB credcheck_14-2.0-1.rhel9.aarch64.rpm PGDG · 2.0 · 30.8KiB credcheck_14-1.2-1.rhel9.aarch64.rpm PGDG · 1.2 · 27.4KiB credcheck_14-1.0-1.rhel9.aarch64.rpm PGDG · 1.0 · 26.8KiB credcheck_14-0.2.0-3.rhel9.aarch64.rpm PGDG · 0.2.0 · 18.0KiB credcheck_14-0.2.0-1.rhel9.aarch64.rpm PGDG · 0.2.0 · 35.4KiB
el10.x86_64
el10.aarch64
d12.x86_64
d12.aarch64
d13.x86_64
d13.aarch64
u22.x86_64
u22.aarch64
u24.x86_64
u24.aarch64
u26.x86_64
u26.aarch64

安装

您可以直接安装 credcheck 扩展包的预置二进制包,首先确保 PGDG 仓库已经添加并启用:

pig repo add pgdg -u          # 添加 PGDG 仓库并更新缓存

使用 pig 或者是 apt/yum/dnf 安装扩展:

pig install credcheck;          # 当前活跃 PG 版本安装
pig ext install -y credcheck -v 18  # PG 18
pig ext install -y credcheck -v 17  # PG 17
pig ext install -y credcheck -v 16  # PG 16
pig ext install -y credcheck -v 15  # PG 15
pig ext install -y credcheck -v 14  # PG 14
dnf install -y credcheck_18       # PG 18
dnf install -y credcheck_17       # PG 17
dnf install -y credcheck_16       # PG 16
dnf install -y credcheck_15       # PG 15
dnf install -y credcheck_14       # PG 14
apt install -y postgresql-18-credcheck   # PG 18
apt install -y postgresql-17-credcheck   # PG 17
apt install -y postgresql-16-credcheck   # PG 16
apt install -y postgresql-15-credcheck   # PG 15
apt install -y postgresql-14-credcheck   # PG 14

预加载配置

shared_preload_libraries = 'credcheck';

创建扩展

CREATE EXTENSION credcheck;

用法

credcheck: PostgreSQL 用户名和密码的凭证检查

credcheckCREATE ROLEALTER ROLE 和密码修改时,强制执行可配置的用户名和密码强度规则。它还支持密码重用策略和认证失败封禁。

配置参数

添加到 postgresql.conf

shared_preload_libraries = 'credcheck'

用户名检查

参数描述示例
credcheck.username_min_length用户名最小长度4
credcheck.username_min_special最少特殊字符数1
credcheck.username_min_digit最少数字字符数1
credcheck.username_min_upper最少大写字符数2
credcheck.username_min_lower最少小写字符数1
credcheck.username_min_repeat相邻最大重复字符数2
credcheck.username_contain必须包含其中一个字符a,b,c
credcheck.username_not_contain不得包含这些字符x,y,z
credcheck.username_contain_password用户名不得包含密码on

密码检查

参数描述示例
credcheck.password_min_length密码最小长度8
credcheck.password_min_special最少特殊字符数1
credcheck.password_min_digit最少数字字符数1
credcheck.password_min_upper最少大写字符数1
credcheck.password_min_lower最少小写字符数1
credcheck.password_min_repeat相邻最大重复字符数3
credcheck.password_contain_username密码不得包含用户名on
credcheck.password_valid_untilVALID UNTIL 最少天数60
credcheck.password_valid_maxVALID UNTIL 最大天数365
credcheck.whitelist不受检查约束的用户名admin,super

使用示例

-- 拒绝:用户名太短
CREATE USER abc WITH PASSWORD 'pass';
-- ERROR: username length should match the configured credcheck.username_min_length

-- 拒绝:密码包含用户名
CREATE USER abcd$ WITH PASSWORD 'abcd$xyz';
-- ERROR: password should not contain username

密码重用策略

SET credcheck.password_reuse_history = 2;
SET credcheck.password_reuse_interval = 365;  -- 天

查看密码历史:

SELECT rolename, password_hash FROM pg_password_history;

认证失败封禁

SET credcheck.max_auth_failure = 3;  -- 3次失败后封禁

重置被封禁的用户:

SELECT pg_banned_role_reset();              -- 重置所有
SELECT pg_banned_role_reset('username');     -- 重置特定用户

最后修改 2026-07-02: extension update 2026-07-02 (d4da20c)