public inbox for [email protected]
help / color / mirror / Atom feedFrom: Martin Goodson <[email protected]>
To: Christoph Moench-Tegeder <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: [email protected]
Subject: Re: Password complexity/history - credcheck?
Date: Sun, 23 Jun 2024 14:14:43 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
On 23/06/2024 11:49, Christoph Moench-Tegeder wrote:
> My advice would be to not use secrets stored in the database -
> that is, do not use scram-sha-256 - but use an external authentication
> system, like Kerberos (might be AD) or LDAP (might also be AD) and have
> that managed by the security team: that way all these compliance
Crikey, that would be quite a lot of lot of SSL/TLS to set up. We have
quite a few (massive understatement :( ... ) PostgreSQL database
clusters spread over quite a lot (another understatement) of VMs.
The last time I suggested LDAP there was a lot of enthusiasm ... until
they went down and looked at what might have to be done, after which it
all became very quiet ...
Regards,
Martin.
view thread (9+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Password complexity/history - credcheck?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox