From: | "Lentes, Bernd" <bernd(dot)lentes(at)helmholtz-muenchen(dot)de> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
Subject: | Re: User Authentication: LDAP and "local" accounts concurrently ? |
Date: | 2018-11-23 18:57:13 |
Message-ID: | 448603474.21010176.1542999433914.JavaMail.zimbra@helmholtz-muenchen.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
----- On Nov 23, 2018, at 4:17 PM, Stephen Frost sfrost(at)snowman(dot)net wrote:
> Greetings,
>
> * Lentes, Bernd (bernd(dot)lentes(at)helmholtz-muenchen(dot)de) wrote:
>> i created a Postgres Server 9.6 on a SLES 12 SP3 box. In our institution we have
>> a Windows ADS which i like to use to authenticate users via LDAP.
>
> For running PostgreSQL in a Windows ADS environment, you should really
> be using GSSAPI / Kerberos and *not* using LDAP authentication.
>
> GSSAPI / Kerberos is what Windows uses to authenticate users and
> services and it's much more secure than using LDAP.
Hi Stephen,
thanks for your answer. I'm not familiar with LDAP, GSSAPI and Kerberos.
Why is it more secure ?
Bernd
Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
Ingolstaedter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDirig.in Petra Steiner-Hoffmann
Stellv.Aufsichtsratsvorsitzender: MinDirig. Dr. Manfred Wolter
Geschaeftsfuehrer: Prof. Dr. med. Dr. h.c. Matthias Tschoep, Heinrich Bassler, Dr. rer. nat. Alfons Enhsen
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2018-11-23 19:14:13 | Re: User Authentication: LDAP and "local" accounts concurrently ? |
Previous Message | Stephen Frost | 2018-11-23 15:17:25 | Re: User Authentication: LDAP and "local" accounts concurrently ? |