Re: Passwords in clear text in server log

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Don Seiler <don(at)seiler(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Passwords in clear text in server log
Date: 2017-10-11 16:19:14
Message-ID: 20171011161914.GN4628@tamriel.snowman.net
Lists: pgsql-admin

Don,

* Don Seiler (don(at)seiler(dot)us) wrote:
> Long-term I'm hoping to get our PG databases talking to our LDAP, there's a
> few internal issues and priorities that have that on the back burner for
> now.

As I understand it, you're in an Active Directory environment, where
what you really want to be using for authentication is Kerberos / GSSAPI,
not LDAP. With LDAP, the password is still sent to the PG server in
cleartext during the authentication and that's entirely unnecessary in
an Active Directory environment where you have a Kerberos realm already
in place.

Thanks!

Stephen
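
An added example, not part of the message above and not PostgreSQL project code: a small Python audit of a pg_hba.conf that flags rules whose method has the client send its password to the server (ldap, as the message describes, plus password, pam, radius and bsd as a generalization beyond the message), while gss rules pass. The sample file, server name and realm are constructed, and `audit_hba` is a hypothetical helper name.

```python
import ipaddress

# Methods in which the client sends the password itself to the PostgreSQL
# server. The message names ldap; the others are added here as a generalization.
CLEARTEXT_TO_SERVER = {"ldap", "password", "pam", "radius", "bsd"}
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample pg_hba.conf (addresses, server name and realm are made up).
SAMPLE = """\
# TYPE   DATABASE USER     ADDRESS                   METHOD
local    all      postgres                           peer
host     all      all      10.0.0.0/8                ldap ldapserver=ldap.example.net ldapprefix="cn="
hostssl  all      all      10.0.0.0/8                ldap ldapserver=ldap.example.net ldapprefix="cn="
host     all      all      192.168.1.0 255.255.255.0 password
host     all      all      10.0.0.0/8                gss include_realm=0 krb_realm=EXAMPLE.NET
"""

def _is_bare_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_hba(text):
    """Return (line_no, record_type, method, tls_required) for each rule whose
    method delivers the cleartext password to the server.
    Simplified parser: no include directives, no quoted names containing spaces."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "local":
            idx = 3                      # local has no address field
        elif tok[0] in HOST_TYPES:
            # Address is one field (CIDR or host name) or two (IP + netmask).
            two = len(tok) > 5 and _is_bare_ip(tok[3]) and _is_bare_ip(tok[4])
            idx = 5 if two else 4
        else:
            continue
        if len(tok) > idx and tok[idx] in CLEARTEXT_TO_SERVER:
            # hostssl protects the wire only; the server still gets the cleartext.
            findings.append((line_no, tok[0], tok[idx], tok[0] == "hostssl"))
    return findings

if __name__ == "__main__":
    for finding in audit_hba(SAMPLE):
        print(finding)
```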
