Re: BUG #10680: LDAP bind password leaks to log on failed authentication

From: Steven Siebert <smsiebe(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #10680: LDAP bind password leaks to log on failed authentication
Date: 2014-06-19 13:47:49
Message-ID: CAC3nzejuQTGTaTyRg9wvYVw9y3ih=iN=+MG-aLasQn+PeG3u=w@mail.gmail.com
Lists: pgsql-bugs

Thanks for the reply.

>
> If you don't want the server to see the user's password, don't use LDAP
> authentication. A much better approach is Kerberos or client-side SSL
> certificates.

Sadly, all other authentication options will not work for us.

I'm not seeing the user password in the log, I'm seeing the bind
password (ldapbindpasswd) that is in the pg_hba.conf file. There is a
line in auth.c that, on every failed attempt, prints the full (raw)
configuration line to the log at all log levels. So, this isn't just
a problem with LDAP (with ldapbindpasswd) but also the RADIUS method
(radiussecret).

I've submitted a patch and we're discussing the problem further on the
pgsql-hackers distro. Really, I think it all comes down to finding
the right balance of security and convenience of the administrator.
I'm hopeful we'll come up with the right answer soon and I can submit
a new patch.

S
