On 09/11/2011 02:58 PM, mgould@isstrucksoftware.net wrote:
>
> Sim,
>
> Thanks, our users can only get to the application(s) they have on
> their citrix menu. They are locked out of the servers otherwise. I
> haven't had a problem in the past 20 years with another db back end
> but I do think that on the whole I probably ought to consider a
> regular login. I have a few customers that wanted integrated logins
> to active directory which was easy with SQL Anywhere but I guess that
> I would have to use LDAP in order to get that to happen.
>
> Best Regards
>
> Michael Gould
> Intermodal Software Solutions, LLC
> 904-226-0978
>
We use LDAP for authentication, but the user also has to be in the
database. Using LDAP is as easy as adding something like this to your
pg_hba.conf:
ldap "ldap://my-ldap-server.domain/Users;uid=;,ou=Users,dc=domain,dc=local"
Even with nobody being able to use their own client, with trust
authentication, anybody could log in as anybody else without knowing
their password
Sim
