Greetings, * Geoff Winkless (pgsqladmin@xxxxxxxx) wrote: > On Wed, 6 May 2020 at 00:05, Tim Cross <theophilusx@xxxxxxxxx> wrote: > > Where Tom's solution fails is with smaller companies that cannot afford > > this level of infrastructure. > > Is there an objection to openldap? It's lightweight (so could > reasonably be run on the same hardware without significant impact), > BSD-ish and mature, and (with the password policy overlay) should > provide exactly the functionality the OP requested. LDAP-based authentication in PG involves passing the user's password to the database server in the clear (or tunneled through SSL, but that doesn't help if the DB is compromised), so it's really not a good solution. Thanks, Stephen
Attachment:
signature.asc
Description: PGP signature
