Re: LDAPS trusted ca support - Mailing list pgsql-bugs

From Stephen Frost
Subject Re: LDAPS trusted ca support
Date
Msg-id 20191203203526.GT6962@tamriel.snowman.net
In response to Re: LDAPS trusted ca support  (Marco Cuccato <mcuccato.vts@gmail.com>)
Responses Re: LDAPS trusted ca support
List pgsql-bugs
Greetings,

* Marco Cuccato (mcuccato.vts@gmail.com) wrote:
> unfortunately I cannot modify the company's LDAP server configuration.

Note that if you're working in an Active Directory environment, you
should really be considering Kerberos/GSSAPI instead of LDAP for your
authentication.  Using PostgreSQL's "ldap" auth method means that the
user's password is sent to, and read by, the PostgreSQL server, which
isn't really very secure.

You'll definitely also want to be using SSL/TLS between the PostgreSQL
client system and the PostgreSQL server, but that doesn't help you if
the PostgreSQL server itself is compromised.

Thanks,

Stephen
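
Added example, not part of the message above and not PostgreSQL code: a small auditor that reads a `pg_hba.conf` and reports rules using the "ldap" method, noting those whose record type does not require SSL/TLS. The sample file, its host names, networks and realm, and the finding labels are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample pg_hba.conf; host names, networks and realm are placeholders.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER      ADDRESS               METHOD
local    all       postgres                        peer
host     all       all       10.0.0.0/8            ldap ldapserver=ad.example.com ldapbasedn="dc=example,dc=com"
hostssl  all       all       10.1.0.0 255.255.0.0  ldap ldapserver=ad.example.com ldapbasedn="dc=example,dc=com"
hostssl  all       all       10.2.0.0/16           gss include_realm=0 krb_realm=EXAMPLE.COM
"""

NETWORK_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
# Record types that also match connections made without SSL/TLS.
TLS_NOT_REQUIRED = {"host", "hostnossl", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_rule(line):
    """Return (record_type, auth_method) for a pg_hba.conf rule line, else None."""
    tokens = shlex.split(line, comments=True)  # drops '#' comments, honours quotes
    kind = tokens[0] if tokens else ""
    if kind == "local":
        idx = 3  # type, database, user, method
    elif kind in NETWORK_TYPES and len(tokens) > 4:
        # The address is one CIDR or host-name field, or an IP followed by a netmask.
        idx = 5 if _is_ip(tokens[4]) else 4
    else:
        return None  # blank, comment, include directive or malformed line
    return (kind, tokens[idx]) if len(tokens) > idx else None

def audit(hba_text):
    """List (line_number, finding) for every rule that uses the "ldap" method."""
    findings = []
    for lineno, line in enumerate(hba_text.splitlines(), start=1):
        rule = parse_rule(line)
        if rule is None or rule[1] != "ldap":
            continue
        findings.append((lineno, "server-receives-password"))
        if rule[0] in TLS_NOT_REQUIRED:
            findings.append((lineno, "tls-not-required"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_HBA):
        print(f"line {lineno}: {finding}")
```
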
