From: | Martin Goodson <kaemaril(at)googlemail(dot)com> |
---|---|
To: | Christoph Moench-Tegeder <cmt(at)burggraben(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: Password complexity/history - credcheck? |
Date: | 2024-06-23 13:14:43 |
Message-ID: | de507f6d-2c3b-4f35-9eda-99b81e2a1083@googlemail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 23/06/2024 11:49, Christoph Moench-Tegeder wrote:
> My advice would be to not use secrets stored in the database -
> that is, do not use scram-sha-256 - but use an external authentication
> system, like Kerberos (might be AD) or LDAP (might also be AD) and have
> that managed by the security team: that way all these compliance
Crikey, that would be quite a lot of lot of SSL/TLS to set up. We have
quite a few (massive understatement :( ... ) PostgreSQL database
clusters spread over quite a lot (another understatement) of VMs.
The last time I suggested LDAP there was a lot of enthusiasm ... until
they went down and looked at what might have to be done, after which it
all became very quiet ...
Regards,
Martin.
From | Date | Subject | |
---|---|---|---|
Next Message | Kashif Zeeshan | 2024-06-23 14:13:40 | Re: Stack Smashing Detected When Executing initdb |
Previous Message | Christoph Moench-Tegeder | 2024-06-23 10:49:04 | Re: Password complexity/history - credcheck? |