| From: | Sim Zacks <sim(at)compulab(dot)co(dot)il> |
|---|---|
| To: | PostgreSQL general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Security setup. |
| Date: | 2011-09-11 12:03:00 |
| Message-ID: | 4E6CA374.9020305@compulab.co.il |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 09/11/2011 02:58 PM, mgould(at)isstrucksoftware(dot)net wrote:
>
> Sim,
>
> Thanks, our users can only get to the application(s) they have on
> their citrix menu. They are locked out of the servers otherwise. I
> haven't had a problem in the past 20 years with another db back end
> but I do think that on the whole I probably ought to consider a
> regular login. I have a few customers that wanted integrated logins
> to active directory which was easy with SQL Anywhere but I guess that
> I would have to use LDAP in order to get that to happen.
>
> Best Regards
>
> Michael Gould
> Intermodal Software Solutions, LLC
> 904-226-0978
>
We use LDAP for authentication, but the user also has to be in the
database. Using LDAP is as easy as adding something like this to your
pg_hba.conf:
ldap "ldap://my-ldap-server.domain/Users;uid=;,ou=Users,dc=domain,dc=local"
Even with nobody being able to use their own client, with trust
authentication, anybody could log in as anybody else without knowing
their password
Sim
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mudit Mishra | 2011-09-11 14:37:55 | writing block 6850 of relation 1663/17231/1259 |
| Previous Message | Sim Zacks | 2011-09-11 07:44:33 | Re: Security setup. |