On 23/06/2024 11:49, Christoph Moench-Tegeder wrote:
> My advice would be to not use secrets stored in the database -
> that is, do not use scram-sha-256 - but use an external authentication
> system, like Kerberos (might be AD) or LDAP (might also be AD) and have
> that managed by the security team: that way all these compliance

Crikey, that would be quite a lot of SSL/TLS to set up. We have quite a few (massive understatement :( ... ) PostgreSQL database clusters spread over quite a lot (another understatement) of VMs.
The last time I suggested LDAP there was a lot of enthusiasm ... until they went down and looked at what might have to be done, after which it all became very quiet ...
Regards,
Martin.