| From: | Don Seiler <don(at)seiler(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Passwords in clear text in server log |
| Date: | 2017-10-11 16:25:49 |
| Message-ID: | CAHJZqBAYL38oUd=Vh2n3e7FoB+S-mR9N0ya=gS656do22sKgKw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Wed, Oct 11, 2017 at 11:19 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> As I understand it, you're in an Active Directory environment, where
> what you really want to be using for authentication is Kerberos / GSSAPI,
> not LDAP. With LDAP, the password is still sent to the PG server in
> cleartext during the authentication and that's entirely unnecessary in
> an Active Directory environment where you have a Kerberos realm already
> in place.
Yes thanks for this info. I'll read up on Kerberos auth and change my
long-term plan on that accordingly.
Thanks,
Don.
--
Don Seiler
www.seiler.us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2017-10-11 19:43:23 | Re: Passwords in clear text in server log |
| Previous Message | Stephen Frost | 2017-10-11 16:19:14 | Re: Passwords in clear text in server log |