Re: LDAP(s) doc misleading

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Paul Förster <paul(dot)foerster(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: LDAP(s) doc misleading
Date: 2021-01-06 17:14:02
Message-ID: 20210106171402.GI27507@tamriel.snowman.net
Lists: pgsql-general

Greetings,

* Paul Förster (paul(dot)foerster(at)gmail(dot)com) wrote:
> I found this because I'm in the process of making our Linux LDAP servers obsolete by reconfiguring PostgreSQL to use our company Windows Active Directory LDAPS service.

When in an Active Directory environment, it's far more secure to use
Kerberos/GSSAPI and not LDAP (or LDAPS). Using the ldap authentication
method with PostgreSQL will result in the credentials of users being
sent to the database server, such that if the database server is
compromised so will all of those user accounts.

Thanks,

Stephen
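
An added example, not part of the message above and not PostgreSQL project code: a Python check that reads `pg_hba.conf` text and reports, for each `ldap` and `gss`/`sspi` rule, whether the user's password reaches the database server and which legs are encrypted. The sample rules, host names and realm are constructed, and the parser assumes one rule per line (no continuation lines).

```python
import ipaddress
import shlex

TICKET_BASED = {"gss", "sspi"}  # Kerberos tickets; no password reaches the server

def parse_rule(line):
    """Return (conn_type, method, options) for one pg_hba.conf line, or None."""
    fields = shlex.split(line, comments=True)  # handles "quoted" values and '#'
    if not fields:
        return None
    idx = 3                          # local: TYPE DATABASE USER METHOD
    if fields[0] != "local":         # host*: TYPE DATABASE USER ADDRESS [MASK] METHOD
        idx = 4
        try:
            ipaddress.ip_address(fields[idx])   # a separate netmask column
            idx = 5
        except (ValueError, IndexError):
            pass
    if len(fields) <= idx:
        return None
    options = dict(f.split("=", 1) for f in fields[idx + 1:] if "=" in f)
    return fields[0], fields[idx], options

def audit(hba_text):
    """Report every ldap and gss/sspi rule and where the password travels."""
    findings = []
    for lineno, line in enumerate(hba_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule[1] not in TICKET_BASED | {"ldap"}:
            continue
        conn_type, method, opts = rule
        is_ldap = method == "ldap"
        directory_tls = None         # only meaningful for ldap rules
        if is_ldap:
            directory_tls = (opts.get("ldapscheme") == "ldaps"
                             or opts.get("ldaptls") == "1"
                             or opts.get("ldapurl", "").startswith("ldaps://"))
        findings.append({"line": lineno, "method": method,
                         "password_at_server": is_ldap,
                         "client_tls_required": conn_type == "hostssl",
                         "directory_tls": directory_tls})
    return findings

# Constructed sample, not taken from the thread.
SAMPLE = """\
# TYPE  DATABASE USER ADDRESS      [MASK]      METHOD
local   all      postgres                      peer
hostssl all      all  10.0.0.0/8               ldap ldapurl="ldaps://dc1.example.com/dc=example,dc=com?sAMAccountName?sub"
host    all      all  192.168.0.0  255.255.0.0 ldap ldapserver=dc1.example.com ldapbasedn="dc=example,dc=com"
hostssl all      all  10.0.0.0/8               gss  include_realm=0 krb_realm=EXAMPLE.COM
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Note that the rule using `ldaps://` still reports `password_at_server` as true: encrypting the directory leg does not change what the database server itself receives.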
