On 02/05/2013 12:44 PM, Scott Marlowe wrote:
> Stop. If you want secure setups you don't hand out root access to lots of people. Trying to then make it secure is like closing the barn door after the horse has left.
I guess you missed the part where I said I thought we should lock root down better. I can certainly influence that policy, but I can't enforce it. But there's also this addendum I added:
"I don't think I'd even want a restricted set of root users able to see my LDAP password in plain text."
Why? Because say I don't care about the database. Say that's a lost cause because everyone and their dog has root. Whatever. By exposing LDAP passwords, now anyone with root can compromise an LDAP user's identity entirely, across the organization, on Windows and Linux servers.
By using LDAP, I've turned a small "Gee, nobody ever changes their password" hole into "Bob just framed Jim for killing the CEO." Not kosher.
Right now, the only person who knows my LDAP credentials is myself. Barring hackers, no admin even knows what it is. I'd kinda like to keep it that way.
Someone in the admin team brought up Kerberos as a way to let the underlying system punt through to the LDAP server, so we're investigating that instead. If we then strongly encourage people to not use .pgpass and just let Kerberos cache their credentials, that should take care of it. Maybe.
--
Shaun Thomas
OptionsHouse | 141 W. Jackson Blvd. | Suite 500 | Chicago IL, 60604
312-676-8870
sthomas@xxxxxxxxxxxxxxxx

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
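The exposure Shaun describes is concrete: with an `ldap` rule in pg_hba.conf, the password a client stores in `.pgpass` is the directory password itself, readable by anyone who can read the file. The script below is an added example, not code from the thread or from PostgreSQL; it audits a `.pgpass` file against a `pg_hba.conf` and lists the entries whose stored plaintext secret would be presented to an `ldap` rule (first matching rule wins, as PostgreSQL does). Both input files are constructed samples, the passwords are placeholders, and the matching is deliberately simplified: hostnames in `.pgpass` are not resolved against CIDR addresses, `hostssl`/`hostnossl` are treated like `host`, and `localhost` or a socket path is treated as a `local` connection.

```python
"""Audit .pgpass against pg_hba.conf: which stored plaintext passwords are
really LDAP (directory) credentials? Added example; simplified matching."""
import ipaddress

# Constructed sample pg_hba.conf (not from the original message).
PG_HBA = """
# TYPE  DATABASE  USER  ADDRESS      METHOD
local   all       all                peer
host    all       all   10.0.0.0/8   ldap ldapserver=ldap.example.com ldapprefix="uid=" ldapsuffix=",ou=people,dc=example,dc=com"
hostssl all       all   0.0.0.0/0    gss
"""

# Constructed sample .pgpass; every password here is a placeholder.
PGPASS = r"""
# hostname:port:database:username:password
10.0.5.20:5432:*:sthomas:Directory\:Secret1
192.168.7.9:5432:reports:reporter:not-an-ldap-pw
localhost:5432:*:postgres:local-superuser-pw
"""

FIELDS = ("host", "port", "database", "user", "password")


def split_pgpass_line(line):
    """Split one .pgpass line on ':' while honouring '\\:' and '\\\\' escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        c = line[i]
        if c == "\\" and i + 1 < len(line):   # escaped character
            cur.append(line[i + 1])
            i += 2
            continue
        if c == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    fields.append("".join(cur))
    return fields


def parse_pgpass(text):
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        f = split_pgpass_line(line)
        if len(f) == 5:
            entries.append(dict(zip(FIELDS, f)))
    return entries


def parse_hba(text):
    """Parse pg_hba.conf records; auth options after METHOD are ignored."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        p = line.split()
        if p[0] == "local" and len(p) >= 4:
            rules.append(dict(type="local", database=p[1], user=p[2], address=None, method=p[3]))
        elif p[0] != "local" and len(p) >= 5:
            rules.append(dict(type=p[0], database=p[1], user=p[2], address=p[3], method=p[4]))
    return rules


def _name_match(field, value):
    # '*' in .pgpass offers the password for any name; 'all' in hba matches any name.
    return value == "*" or field == "all" or value in field.split(",")


def _address_match(address, host):
    if address is None or address == "all" or host == "*":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                      # .pgpass host is a name: exact match only, no DNS
        return address.lower() == host.lower()
    try:
        return ip in ipaddress.ip_network(address, strict=False)
    except ValueError:                      # hba address is a hostname; not resolved here
        return False


def first_matching_rule(rules, entry):
    host = entry["host"]
    local_conn = host == "localhost" or host.startswith("/")
    for r in rules:
        if host != "*":
            if r["type"] == "local" and not local_conn:
                continue
            if r["type"] != "local" and host.startswith("/"):
                continue
        if not _name_match(r["database"], entry["database"]):
            continue
        if not _name_match(r["user"], entry["user"]):
            continue
        if not _address_match(r["address"], host):
            continue
        return r
    return None


def ldap_exposures(pgpass_text, hba_text):
    """(host, user) pairs whose .pgpass password is effectively an LDAP password."""
    rules = parse_hba(hba_text)
    return [(e["host"], e["user"]) for e in parse_pgpass(pgpass_text)
            if (r := first_matching_rule(rules, e)) and r["method"] == "ldap"]


if __name__ == "__main__":
    for host, user in ldap_exposures(PGPASS, PG_HBA):
        print(f"{user}@{host}: .pgpass holds this user's directory password in plaintext")
```

Switching such a rule to `gss` (as the Kerberos plan in the message would) removes the need for a `.pgpass` entry at all: the client presents a ticket from its credential cache rather than a reusable password.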