Re: Password complexity/history - credcheck?

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Christoph Moench-Tegeder <[email protected]>
To: Martin Goodson <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: [email protected]
Subject: Re: Password complexity/history - credcheck?
Date: Mon, 24 Jun 2024 17:01:47 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>

## Martin Goodson ([email protected]):

> Crikey, that would be  quite a lot of  lot of SSL/TLS to set up. We
> have quite a few (massive understatement :( ... ) PostgreSQL database
> clusters spread over quite a lot (another understatement) of VMs.

No matter what: you'll have to touch all your instances anyways.
The good thing is that all the options (including TLS) can be
automatically deployed iff you're set up for that - and you should
be, especially when you have "many" databases.

> The last time I suggested LDAP there was a lot of enthusiasm ... until
> they went down and looked at what might have to be done, after which
> it all became very quiet ...

With "many" databases and personal accounts, you should have some
sort of central management (else even an inventory of the accounts
("who can access what") is a nightmare). Finding the best ways towards
that goal for your organization could be beyond the scope of an email
list - but I'd start with looking at what you already have. I mentioned
LDAP because all too often that's the system which you can most easily
get access to (but depending on your environment, that might mot be
the best solution).

Regards,
Christoph

-- 
Spare Space.

view thread (9+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Password complexity/history - credcheck?
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox