Home > mailing lists

Re: Authentication? - Mailing list pgsql-general

From	Stephen Frost
Subject	Re: Authentication?
Date	March 7, 2018 21:19:35
Msg-id	20180307151934.GH2416@tamriel.snowman.net Whole thread Raw
In response to	Authentication? (Bjørn T Johansen <btj@havleik.no>)
Responses	Re: Authentication? (Benedict Holland <benedict.m.holland@gmail.com>) Re: Authentication? (Bjørn T Johansen <btj@havleik.no>)
List	pgsql-general

Tree view

Greetings,

* Bjørn T Johansen (btj@havleik.no) wrote:
> Is it possible to use one authentication method as default, like LDAP, and if the user is not found, then try to
authenticateusing 
> md5/scram-sha-256 ?

Not directly in pg_hba.conf.  You might be able to construct a system
which works like this using PAM though, but it wouldn't be much fun.

LDAP use really should be discouraged as it involves sending the
password to the PG server.  If you are operating in an active directory
environment then you should be using GSSAPI/Kerberos.

SCRAM is a good alternative as it doesn't send the password to the
server either, though that is only available in PG10, of course.

Thanks!

Stephen

pgsql-general by date:

From: "David G. Johnston"
Date: 07 March 2018, 21:19:14
Subject: Re: Authentication?

From: Scott Frazer
Date: 07 March 2018, 21:21:51
Subject: Re: Help troubleshooting SubtransControlLock problems

Re: Authentication? - Mailing list pgsql-general

Previous

Next