Hey folks,
We're wanting to implement a more secure password policy, and so have
considered switching to LDAP/Active Directory for passwords. Normally,
this would be fine, but for two things:
1. Tons of our devs use .pgpass files to connect everywhere.
2. Several devs have root access to various environments.
So, by switching from database-stored passwords to LDAP, we open a
security problem that currently only affects the database, to
developers' personal LDAP password, which is the key to every service
and machine they use in the company.
Unfortunately I can't see any way around this at all. Ident won't really
work on remote systems, .pgpass isn't encrypted, and you can't use
encrypted/hashed password entries either.
I agree that we should probably have our root access much more locked
down than it is, but it's still a valid problem. I don't think I'd even
want a restricted set of root users able to see my LDAP password in
plain text.
Has anyone put thought into combining LDAP and .pgpass, or has it simply
been abandoned every time the issue has presented itself?
Thanks in advance!
--
Shaun Thomas
OptionsHouse | 141 W. Jackson Blvd. | Suite 500 | Chicago IL, 60604
312-676-8870
sthomas@xxxxxxxxxxxxxxxx
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
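One thing a security team can do before deciding on the LDAP switch is to measure the exposure the post describes: which accounts keep plaintext passwords in .pgpass, how many entries there are, and how broadly each entry applies. The audit helper below is an added example, not code from Shaun's post or from PostgreSQL itself. It assumes only the documented libpq .pgpass format (hostname:port:database:username:password per line, backslash escaping ':' and '\', '*' as a wildcard in the first four fields, '#' starting a comment) and the libpq rule that a file with group or world permissions (mode wider than 0600) is ignored; the `audit_pgpass_file` helper and the sample entries are constructed for illustration.

```python
"""Inventory of plaintext credentials in a libpq .pgpass file.

Added example, not code from the original post. It assumes only the documented
libpq .pgpass format (hostname:port:database:username:password per line,
'\\' escaping ':' and '\\', '*' as a wildcard in the first four fields,
'#' starting a comment) and the libpq rule that a file with group or world
permissions (mode wider than 0600) is ignored. Paths and sample entries below
are constructed.
"""
import os
import stat
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class PgpassEntry:
    host: str
    port: str
    database: str
    user: str
    password: str
    lineno: int

    def is_wildcard(self) -> bool:
        """True when any matching field is '*', i.e. the password applies broadly."""
        return "*" in (self.host, self.port, self.database, self.user)


def split_pgpass_line(line: str) -> List[str]:
    """Split one .pgpass line on unescaped ':', unescaping '\\:' and '\\\\'."""
    fields: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            current.append(line[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ":":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    fields.append("".join(current))
    return fields


def parse_pgpass(text: str) -> List[PgpassEntry]:
    """Return the credential entries in .pgpass text, skipping comments and malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_pgpass_line(line)
        if len(fields) != 5:
            continue  # libpq would not match a line without exactly five fields
        host, port, database, user, password = fields
        entries.append(PgpassEntry(host, port, database, user, password, lineno))
    return entries


def pgpass_permission_ok(mode: int) -> bool:
    """libpq ignores a .pgpass file that is readable or writable by group or others."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def audit_pgpass_text(text: str, mode: int) -> Dict[str, object]:
    """Summarise the exposure in one file: how many plaintext passwords, for whom, how broad."""
    entries = parse_pgpass(text)
    return {
        "mode_ok": pgpass_permission_ok(mode),
        "credentials": len(entries),
        "users": sorted({e.user for e in entries}),
        "wildcard_lines": [e.lineno for e in entries if e.is_wildcard()],
    }


def audit_pgpass_file(path: str) -> Dict[str, object]:
    """Audit a .pgpass file on disk (hypothetical helper for a per-account sweep)."""
    st = os.stat(path)
    with open(path, encoding="utf-8") as fh:
        report = audit_pgpass_text(fh.read(), stat.S_IMODE(st.st_mode))
    report["path"] = path
    return report


# Constructed sample; none of these hosts, users or passwords are real.
SAMPLE_PGPASS = r"""# constructed sample .pgpass
db1.example.com:5432:appdb:alice:s3cret
*:*:*:bob:pa\:ss\\word
localhost:5432:*:svc_reporting:hunter2
"""

if __name__ == "__main__":
    print(audit_pgpass_text(SAMPLE_PGPASS, 0o600))
    home_pgpass = os.path.expanduser("~/.pgpass")
    if os.path.exists(home_pgpass):
        print(audit_pgpass_file(home_pgpass))
```

The permission check only tells you whether libpq would accept the file; it says nothing about root, which is exactly the post's point. The useful output for the decision is the entry inventory: wildcard entries (like the `*:*:*:bob:...` line in the sample) mean one plaintext password unlocks every host and database the user touches, so those are the entries that would hurt most if the stored secret became the LDAP password.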