|
Thanks Chris! Since PostgreSQL still have to have those accounts even if we authenticate it externally we have to get at least the user creation date from the instance as
that information might be different in instance vs external utility. Is there a possibility we can get it. Most of our accounts are AD authenticated however we have some like (postgres – superuser!) which is local or peer authenticated we want to control that as
well and hence the requirement. Regards, Virendra From: Christopher Browne [mailto:cbbrowne@xxxxxxxxx]
On Thu, 9 May 2019 at 16:43, Kumar, Virendra <Virendra.Kumar@xxxxxxxxxxx> wrote:
Since there is a diversity of ways of managing this information, including outside the database, there is no way to assert a true-in-general mechanism for this. Indeed, if you are interested in managing such information particularly carefully, you may wish to use mechanisms such as PAM, Kerberos, LDAP, GSSAPI for this, in which case PostgreSQL may have no responsibility in the matter of managing
passwords. It is quite likely a good idea to use something like Kerberos if you have the concerns that you describe, and if so, the audit information you want would be collected from Kerberos, not PostgreSQL
When confronted by a difficult problem, solve it by reducing it to the This message is intended only for the use of the addressee and may contain information that is PRIVILEGED AND CONFIDENTIAL. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify the sender immediately. Thank you. |
