Why do you say that you can't use kerberos w/ apps?
I prefer to not reply to this one otherwise I won't be kind with some people... 😅️
Note that using ldap auth means sending the user's password to the PG
server in cleartext, which is extremely insecure and means that a
compromised PG server could be used to steal the credentials of any user
logging in using this method.
I agree... but for now I can't switch to a full Kerberos setup...
On Thu, 2022-09-15 at 15:16 -0400, Stephen Frost wrote:
Greetings,
* Sylvain Deveaux (Sylvain.Deveaux@xxxxxxxxxx) wrote:
We have to use LDAP in our AD environment, Users could use Kerberos but service accounts used by Apps can't.
Why do you say that you can't use kerberos w/ apps?
host all +ldap_roles 192.168.0.0/16 ldap ldapurl="ldap://ldap.service:636/ou=AdminOU,dc=domain,dc=org?sAMAccountName?sub" ldapbinddn="cn=postgres_bind,ou=level1,ou=level2,dc=domain,dc=org" ldapbindpasswd="password"
Note that using ldap auth means sending the user's password to the PG
server in cleartext, which is extremely insecure and means that a
compromised PG server could be used to steal the credentials of any user
logging in using this method.
Thanks,
Stephen
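
Added example, not part of the original thread: a small audit of pg_hba.conf records that use the ldap method, run against the entry quoted above, reporting the exposure Stephen describes plus the transport and bind-credential settings around it. The finding names, the function names and the GSSAPI contrast line are assumptions made for this illustration.

```python
import shlex

METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
           "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}

# Constructed sample: line 2 is the pg_hba.conf entry quoted in the thread,
# line 3 is a hypothetical GSSAPI entry added for contrast.
SAMPLE_HBA = "\n".join([
    "# TYPE DATABASE USER ADDRESS METHOD [OPTIONS]",
    'host all +ldap_roles 192.168.0.0/16 ldap ldapurl="ldap://ldap.service:636/'
    'ou=AdminOU,dc=domain,dc=org?sAMAccountName?sub" '
    'ldapbinddn="cn=postgres_bind,ou=level1,ou=level2,dc=domain,dc=org" '
    'ldapbindpasswd="password"',
    "hostssl all all 192.168.0.0/16 gss include_realm=0",
])

def parse_hba_line(line):
    """Return (conn_type, method, options) for one record, or None."""
    tokens = shlex.split(line, comments=True)  # honours quotes and '#' comments
    start = 3 if tokens[:1] == ["local"] else 4  # skip type, db, user[, address]
    for i in range(start, len(tokens)):          # also skips an optional netmask
        if tokens[i] in METHODS:
            opts = dict(t.split("=", 1) for t in tokens[i + 1:] if "=" in t)
            return tokens[0], tokens[i], opts
    return None

def audit_ldap(hba_text):
    """List (line_no, finding) for every record that uses the ldap method."""
    findings = []
    for n, line in enumerate(hba_text.splitlines(), 1):
        rec = parse_hba_line(line)
        if rec is None or rec[1] != "ldap":
            continue
        conn_type, _, opts = rec
        # Inherent to the method: PostgreSQL receives the password itself.
        findings.append((n, "server-sees-cleartext-password"))
        if conn_type in ("host", "hostnossl", "hostnogssenc"):
            findings.append((n, "client-connection-may-be-unencrypted"))
        ldaps = opts.get("ldapscheme") == "ldaps" or \
            opts.get("ldapurl", "").startswith("ldaps://")
        if not ldaps and opts.get("ldaptls") != "1":
            findings.append((n, "no-tls-requested-to-ldap-server"))
        if "ldapbindpasswd" in opts:
            findings.append((n, "bind-password-stored-in-pg_hba"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit_ldap(SAMPLE_HBA):
        print(f"line {line_no}: {finding}")
```

The first finding is reported for every ldap record, including hostssl ones with ldaps:// URLs, because TLS only protects the password in transit; the server still handles it in cleartext.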