Quick Links

Re: LDAP authenticated session terminated by signal 11: Segmentation fault, PostgresSQL server terminates other active server processes

From:	Stephen Frost <sfrost(at)snowman(dot)net>
To:	Mike Yeap <wkk1020(at)gmail(dot)com>
Cc:	Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-general(at)postgresql(dot)org
Subject:	Re: LDAP authenticated session terminated by signal 11: Segmentation fault, PostgresSQL server terminates other active server processes
Date:	2019-02-26 12:24:21
Message-ID:	20190226122421.GM6197@tamriel.snowman.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Greetings Mike,

* Mike Yeap (wkk1020(at)gmail(dot)com) wrote:
> Hi Thomas, I see..... guess I can't use LDAP authentication for now, :-(

If you're in an active directory environment, you should really be using
Kerberos for authentication and NOT LDAP anyway. LDAP-based
authentication involves sending the user's password (cleartext) to the
PG server, which is really bad security. Hopefully you're at least
connecting to PG with SSL, and from PG to LDAP with SSL, but you still
run the issue that a compromised server would expose the password of
everyone connecting to that server, and when you're using a centralized
authentication system like LDAP, that one password gets you access to
everything that account has access to.

Thanks!

Stephen

In response to

Re: LDAP authenticated session terminated by signal 11: Segmentation fault, PostgresSQL server terminates other active server processes at 2019-02-26 09:37:23 from Mike Yeap

Browse pgsql-general by date

	From	Date	Subject
Next Message	Peter Eisentraut	2019-02-26 14:16:19	Re: Channel binding not supported using scram-sha-256 passwords
Previous Message	Steve Atkins	2019-02-26 11:48:44	Re: Replication