| From: | "Lentes, Bernd" <bernd(dot)lentes(at)helmholtz-muenchen(dot)de> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: User Authentication: LDAP and "local" accounts concurrently ? |
| Date: | 2018-11-23 18:57:13 |
| Message-ID: | 448603474.21010176.1542999433914.JavaMail.zimbra@helmholtz-muenchen.de |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
----- On Nov 23, 2018, at 4:17 PM, Stephen Frost sfrost(at)snowman(dot)net wrote:
> Greetings,
>
> * Lentes, Bernd (bernd(dot)lentes(at)helmholtz-muenchen(dot)de) wrote:
>> i created a Postgres Server 9.6 on a SLES 12 SP3 box. In our institution we have
>> a Windows ADS which i like to use to authenticate users via LDAP.
>
> For running PostgreSQL in a Windows ADS environment, you should really
> be using GSSAPI / Kerberos and *not* using LDAP authentication.
>
> GSSAPI / Kerberos is what Windows uses to authenticate users and
> services and it's much more secure than using LDAP.
Hi Stephen,
thanks for your answer. I'm not familiar with LDAP, GSSAPI and Kerberos.
Why is it more secure ?
Bernd
Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
Ingolstaedter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDirig.in Petra Steiner-Hoffmann
Stellv.Aufsichtsratsvorsitzender: MinDirig. Dr. Manfred Wolter
Geschaeftsfuehrer: Prof. Dr. med. Dr. h.c. Matthias Tschoep, Heinrich Bassler, Dr. rer. nat. Alfons Enhsen
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2018-11-23 19:14:13 | Re: User Authentication: LDAP and "local" accounts concurrently ? |
| Previous Message | Stephen Frost | 2018-11-23 15:17:25 | Re: User Authentication: LDAP and "local" accounts concurrently ? |