Re: Authentication?
| От | Bjørn T Johansen |
|---|---|
| Тема | Re: Authentication? |
| Дата | |
| Msg-id | 20180309092505.28f50377@pennywise-btj.brreg.no обсуждение исходный текст |
| Ответ на | Re: Authentication? (Stephen Frost <sfrost@snowman.net>) |
| Список | pgsql-general |
On Wed, 7 Mar 2018 10:19:35 -0500 Stephen Frost <sfrost@snowman.net> wrote: > Greetings, > > * Bjørn T Johansen (btj@havleik.no) wrote: > > Is it possible to use one authentication method as default, like LDAP, and if the user is not found, then try to authenticateusing > > md5/scram-sha-256 ? > > Not directly in pg_hba.conf. You might be able to construct a system > which works like this using PAM though, but it wouldn't be much fun. > > LDAP use really should be discouraged as it involves sending the > password to the PG server. If you are operating in an active directory > environment then you should be using GSSAPI/Kerberos. > > SCRAM is a good alternative as it doesn't send the password to the > server either, though that is only available in PG10, of course. > > Thanks! > > Stephen Ok, thx... Will check out GSSAPI/Kerberos instead... :) BTJ
В списке pgsql-general по дате отправления: