On Wed, Oct 11, 2017 at 11:19 AM, Stephen Frost <sfrost@xxxxxxxxxxx> wrote:
As I understand it, you're in an Active Directory environment, where
what you really want to be using for authentication is Kerberos / GSSAPI,
not LDAP. With LDAP, the password is still sent to the PG server in
cleartext during the authentication and that's entirely unnecessary in
an Active Directory environment where you have a Kerberos realm already
in place.
Yes thanks for this info. I'll read up on Kerberos auth and change my long-term plan on that accordingly.
