Re: Password complexity/history - credcheck? - Mailing list pgsql-general

From Christoph Moench-Tegeder
Subject Re: Password complexity/history - credcheck?
Date
Msg-id ZnmKW201PpfJmNpy@sciurus.exwg.net
Whole thread Raw
In response to Re: Password complexity/history - credcheck?  (Martin Goodson <kaemaril@googlemail.com>)
List pgsql-general
## Martin Goodson (kaemaril@googlemail.com):

> Crikey, that would be  quite a lot of  lot of SSL/TLS to set up. We
> have quite a few (massive understatement :( ... ) PostgreSQL database
> clusters spread over quite a lot (another understatement) of VMs.

No matter what: you'll have to touch all your instances anyways.
The good thing is that all the options (including TLS) can be
automatically deployed iff you're set up for that - and you should
be, especially when you have "many" databases.

> The last time I suggested LDAP there was a lot of enthusiasm ... until
> they went down and looked at what might have to be done, after which
> it all became very quiet ...

With "many" databases and personal accounts, you should have some
sort of central management (else even an inventory of the accounts
("who can access what") is a nightmare). Finding the best ways towards
that goal for your organization could be beyond the scope of an email
list - but I'd start with looking at what you already have. I mentioned
LDAP because all too often that's the system which you can most easily
get access to (but depending on your environment, that might mot be
the best solution).

Regards,
Christoph

-- 
Spare Space.



pgsql-general by date:

Previous
From: Adrian Klaver
Date:
Subject: Re: Execute permission to function
Next
From: arun chirappurath
Date:
Subject: Re: Execute permission to function