On Mon, Jun 23, 2025 at 2:45 PM raphi <ra...@crashdump.ch> wrote:

> As of now though we cannot use PG for any PCI/DSS certified application
> because we can't enforce either complexity or regular password changes,
>

You can, and many, many companies do, but you need a modern auth system
like Kerberos. Even if we were to put something into Postgres today (and
given the MFA and re-use requirements, it's near impossible), PCI DSS keeps
evolving and getting stricter, so keeping up with it would get harder with
each release.

> Can I do something to help bring these features into PG? My C knowledge
> is very limited so I won't be able to provide a patch but I'd be more than
> happy to test it.


Your energy would be much better used in bringing Kerberos into your
organization. :)

Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
