| From: | Martin Goodson <kaemaril(at)googlemail(dot)com> |
|---|---|
| To: | Christoph Moench-Tegeder <cmt(at)burggraben(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Password complexity/history - credcheck? |
| Date: | 2024-06-23 13:14:43 |
| Message-ID: | de507f6d-2c3b-4f35-9eda-99b81e2a1083@googlemail.com |
| Lists: | pgsql-general |

On 23/06/2024 11:49, Christoph Moench-Tegeder wrote:
> My advice would be to not use secrets stored in the database -
> that is, do not use scram-sha-256 - but use an external authentication
> system, like Kerberos (might be AD) or LDAP (might also be AD) and have
> that managed by the security team: that way all these compliance

Crikey, that would be quite a lot of SSL/TLS to set up. We have
quite a few (massive understatement :( ... ) PostgreSQL database
clusters spread over quite a lot (another understatement) of VMs.

The last time I suggested LDAP there was a lot of enthusiasm ... until
they went down and looked at what might have to be done, after which it
all became very quiet ...

Regards,
Martin.