Search Postgresql Archives

Re: LDAP(s) doc misleading

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Stephen,

> On 06. Jan, 2021, at 18:14, Stephen Frost <sfrost@xxxxxxxxxxx> wrote:
> 
> When in an Active Directory environment, it's far more secure to use
> Kerberos/GSSAPI and not LDAP (or LDAPS).  Using the ldap authentication
> method with PostgreSQL will result in the credentials of users being
> sent to the database server, such that if the database server is
> compromised so will all of those user accounts.

I understand. But users can't login on the database server, just on the database. Database servers and client machines are located in different network zones with firewalls between them.

Also, my point was not about using LDAP(S) versus Kerberos or GSSAPI. My point was, that I find the description of the ldapscheme entry misleading.

Cheers,
Paul





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux