| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Daulat <daulat(dot)dba(at)gmail(dot)com> |
| Cc: | pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Password authorization |
| Date: | 2022-01-21 19:50:07 |
| Message-ID: | 20220121195007.GI10577@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Greetings,
* Daulat (daulat(dot)dba(at)gmail(dot)com) wrote:
> Is there any alternative in postgres to manage the user password
> authorisation?
> What about LDAP with respect to this approach?
PostgreSQL supports GSSAPI / Kerberos, which is a much better approach
in Active Directory and other environments where Kerberos is deployed.
Using LDAP exposes the user's password to the database server and
therefore isn't secure and should be strongly discouraged.
You can certainly have applications authenticate to PostgreSQL using
Kerberos too with very little overhead (unlike PG's LDAP authentication
option, which makes a synchronous call out to the LDAP server on each
and every login).
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2022-01-21 19:50:53 | Re: Gauging progress of COPY? |
| Previous Message | ryaz aws | 2022-01-21 14:28:51 | Re: PGAdmin - psql tool issue |