Home > mailing lists

Re: LDAP authenticated session terminated by signal 11: Segmentationfault, PostgresSQL server terminates other active server processes - Mailing list pgsql-general

From	Stephen Frost
Subject	Re: LDAP authenticated session terminated by signal 11: Segmentationfault, PostgresSQL server terminates other active server processes
Date	February 26, 2019 15:24:21
Msg-id	20190226122421.GM6197@tamriel.snowman.net Whole thread Raw
In response to	Re: LDAP authenticated session terminated by signal 11: Segmentationfault, PostgresSQL server terminates other active server processes (Mike Yeap <wkk1020@gmail.com>)
List	pgsql-general

Tree view

Greetings Mike,

* Mike Yeap (wkk1020@gmail.com) wrote:
> Hi Thomas, I see..... guess I can't use LDAP authentication for now, :-(

If you're in an active directory environment, you should really be using
Kerberos for authentication and NOT LDAP anyway.  LDAP-based
authentication involves sending the user's password (cleartext) to the
PG server, which is really bad security.  Hopefully you're at least
connecting to PG with SSL, and from PG to LDAP with SSL, but you still
run the issue that a compromised server would expose the password of
everyone connecting to that server, and when you're using a centralized
authentication system like LDAP, that one password gets you access to
everything that account has access to.

Thanks!

Stephen

Attachment

signature.asc

pgsql-general by date:

From: Steve Atkins
Date: 26 February 2019, 14:48:44
Subject: Re: Replication

From: Peter Eisentraut
Date: 26 February 2019, 17:16:19
Subject: Re: Channel binding not supported using scram-sha-256 passwords

Re: LDAP authenticated session terminated by signal 11: Segmentationfault, PostgresSQL server terminates other active server processes - Mailing list pgsql-general

Attachment

Previous

Next