Re: User Authentication: LDAP and "local" accounts concurrently ?

----- On Nov 23, 2018, at 4:17 PM, Stephen Frost sfrost@snowman.net wrote:

> Greetings,
> 
> * Lentes, Bernd (bernd.lentes@helmholtz-muenchen.de) wrote:
>> i created a Postgres Server 9.6 on a SLES 12 SP3 box. In our institution we have
>> a Windows ADS which i like to use to authenticate users via LDAP.
> 
> For running PostgreSQL in a Windows ADS environment, you should really
> be using GSSAPI / Kerberos and *not* using LDAP authentication.
> 
> GSSAPI / Kerberos is what Windows uses to authenticate users and
> services and it's much more secure than using LDAP.

Hi Stephen,

thanks for your answer. I'm not familiar with LDAP, GSSAPI and Kerberos.
Why is it more secure ?

Bernd
 

Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
Ingolstaedter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDirig.in Petra Steiner-Hoffmann
Stellv.Aufsichtsratsvorsitzender: MinDirig. Dr. Manfred Wolter
Geschaeftsfuehrer: Prof. Dr. med. Dr. h.c. Matthias Tschoep, Heinrich Bassler, Dr. rer. nat. Alfons Enhsen
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671