| From: | Christoph Moench-Tegeder <cmt(at)burggraben(dot)net> |
|---|---|
| To: | Martin Goodson <kaemaril(at)googlemail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Password complexity/history - credcheck? |
| Date: | 2024-06-24 15:01:47 |
| Message-ID: | ZnmKW201PpfJmNpy@sciurus.exwg.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
## Martin Goodson (kaemaril(at)googlemail(dot)com):
> Crikey, that would be quite a lot of lot of SSL/TLS to set up. We
> have quite a few (massive understatement :( ... ) PostgreSQL database
> clusters spread over quite a lot (another understatement) of VMs.
No matter what: you'll have to touch all your instances anyways.
The good thing is that all the options (including TLS) can be
automatically deployed iff you're set up for that - and you should
be, especially when you have "many" databases.
> The last time I suggested LDAP there was a lot of enthusiasm ... until
> they went down and looked at what might have to be done, after which
> it all became very quiet ...
With "many" databases and personal accounts, you should have some
sort of central management (else even an inventory of the accounts
("who can access what") is a nightmare). Finding the best ways towards
that goal for your organization could be beyond the scope of an email
list - but I'd start with looking at what you already have. I mentioned
LDAP because all too often that's the system which you can most easily
get access to (but depending on your environment, that might mot be
the best solution).
Regards,
Christoph
--
Spare Space.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | arun chirappurath | 2024-06-24 18:10:30 | Re: Execute permission to function |
| Previous Message | Adrian Klaver | 2024-06-24 14:44:36 | Re: Execute permission to function |