Re: TODO: GNU TLS - Mailing list pgsql-hackers
From | David Fetter |
---|---|
Subject | Re: TODO: GNU TLS |
Date | |
Msg-id | 20061230151550.GH3332@fetter.org |
In response to | Re: TODO: GNU TLS (Stephen Frost <sfrost@snowman.net>) |
Responses | Re: TODO: GNU TLS |
List | pgsql-hackers |
On Fri, Dec 29, 2006 at 08:12:47PM -0500, Stephen Frost wrote:
> * Joshua D. Drake (jd@commandprompt.com) wrote:
> > > We use it on some of our production systems (since it can
> > > provide cracklib, password expiration, etc, and the postgres
> > > instance inside its own vserver so it doesn't hurt as much to
> > > make the passwd/shadow files available to it...). I'd be happy
> > > to help you get it to work if you'd like, and I could even
> > > provide you with some PG/C functions to use password changing
> > > and password aging. :)
> >
> > Oh, I am sure it is great. I have just never tried that hard to
> > get it to work :)
>
> Oh, I never said it was great, just said that we used it since PG
> doesn't directly provide the things we need (cracklib, password
> aging, etc).

It's never been clear to me how these things in particular are good
security measures, but that's a whole different discussion.

> > > > I do like --with-ldap because it is pretty much standard
> > > > within directory lookups by the nature of Active Directory.
> > >
> > > Funny you like LDAP but not Kerberos, both of which are part of
> > > Active Directory... Using LDAP simple binds to AD for
> > > authentication is *quite* silly and *much* less secure than
> > > using Kerberos...
> >
> > Yes but LDAP gives me a lot of other things, easily and it has
> > SSL. SSL + Firewall gives me 98% of the security I need.
>
> Unfortunately, security isn't a game of percentages.

Security is *precisely* a game of percentages. There is a lot of
silly voodoo running around among amateurs tasked with security.
The silliest usually involves the "tall fencepost" model, which is
the diametric opposite of the "weakest link" model. One example of
"tall fencepost" security would be hyper-strong crypto applied by
demoralized employees with bad will. Attackers just *love* "tall
fencepost" security.

> Hopefully you'll never have a server compromised which is then used
> to capture passwords which can then be used to jump to other
> systems...

Yeah, it's good to think about cascading failure modes.

> Kerberos is there and it's not too hard to use (though does depend
> on the MIT Kerberos for Windows service currently). Supporting
> SSPI/GSSAPI and then writing a small document on how to generate
> Windows keytabs for Postgres would mean single-sign-on for Windows
> users using applications which use libpq...

Sounds like a nice feature :)

Cheers,
D
--
David Fetter <david@fetter.org> http://fetter.org/
phone: +1 415 235 3778    AIM: dfetter666    Skype: davidfetter
Remember to vote!
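Added illustration, not from the thread or from either poster: the two authentication approaches being argued over, LDAP simple bind versus Kerberos/GSSAPI, as they would appear side by side in pg_hba.conf. The syntax is that of current PostgreSQL releases (it postdates this 2006 discussion), and the host names, network range and realm are placeholders.

```conf
# Added example (not part of the original post). Host names, network and
# realm are placeholders; syntax is current PostgreSQL pg_hba.conf.
#
# TYPE     DATABASE  USER  ADDRESS      METHOD  OPTIONS

# Approach 1: LDAP simple bind against AD. libpq sends the user's AD
# password to the PostgreSQL server, which re-sends it to the directory.
# TLS on both hops protects the wire, but the DB server still sees the
# plaintext AD password on every login. If that server is compromised,
# the captured passwords are reusable on every other AD-joined system,
# which is the cascading failure Stephen describes above.
hostssl  all  all  10.0.0.0/8  ldap  ldapserver=dc1.example.com ldaptls=1 ldapprefix="" ldapsuffix="@EXAMPLE.COM"

# Approach 2: Kerberos via GSSAPI. The client gets a service ticket from
# the KDC and presents it to PostgreSQL; the user's password never reaches
# the DB server. A compromised DB server yields only its own keytab, which
# lets an attacker impersonate the postgres service, not log in elsewhere
# as the users.
hostssl  all  all  10.0.0.0/8  gss  include_realm=0 krb_realm=EXAMPLE.COM
```

The defensive point is the one in the quoted reply: with the first line the database host becomes a credential-harvesting point, with the second it does not, independent of how strong the TLS or the firewall is.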