From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, chiru r <chirupg(at)gmail(dot)com>, Forums postgresql <pgsql-general(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [GENERAL] USER Profiles for PostgreSQL |
Date: | 2017-09-20 12:14:05 |
Message-ID: | 20170920121405.GC4628@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
Bruce,
* Bruce Momjian (bruce(at)momjian(dot)us) wrote:
> On Tue, Sep 19, 2017 at 01:28:11PM -0400, Stephen Frost wrote:
> > * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> > > chiru r <chirupg(at)gmail(dot)com> writes:
> > > > We are looking for User profiles in ope source PostgreSQL.
> > > > For example, If a user password failed n+ times while login ,the user
> > > > access has to be blocked few seconds.
> > > > Please let us know, is there any plan to implement user profiles in feature
> > > > releases?.
> > >
> > > Not particularly. You can do that sort of thing already via PAM,
> > > for example.
> >
> > Ugh, hardly and it's hokey and a huge pain to do, and only works on
> > platforms that have PAM.
> >
> > Better is to use an external authentication system (Kerberos, for
> > example) which can deal with this, but I do think this is also something
> > we should be considering for core, especially now that we've got a
> > reasonable password-based authentication method with SCRAM.
>
> Does LDAP do this too?
Active Directory does this, with Kerberos as the authentication
mechanism. Straight LDAP might also support it, but I wouldn't
recommend it because it's really insecure as the PG server will see the
user's password in the cleartext (and it may be sent in cleartext across
the network too unless careful steps are taken to make sure that the
client only ever connects over SSL to a known trusted and verified
server).
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Cramer | 2017-09-20 12:22:26 | Re: [GENERAL] JDBC: logical replication and LSN feedback |
Previous Message | David Steele | 2017-09-20 11:56:02 | Re: VM-Ware Backup of VM safe? |
From | Date | Subject | |
---|---|---|---|
Next Message | Alexander Korotkov | 2017-09-20 12:20:59 | Re: compress method for spgist - 2 |
Previous Message | Robert Haas | 2017-09-20 11:57:20 | Re: [COMMITTERS] pgsql: Make WAL segment size configurable at initdb time. |