Greetings,

* smsiebe@gmail.com (smsiebe@gmail.com) wrote:
> When a user fails to login when the LDAP method is used, the ldapbindpasswd
> (in plain text) is leaked to the log, even when the log level is set to
> warning.

If you don't want the server to see the user's password, don't use LDAP
authentication. A much better approach is Kerberos or client-side SSL
certificates.

There may be something which is done to improve the specific case
mentioned here (or perhaps not..), but if LDAP is used then the PG
server will see the user's password because that's how that
authentication system works.

Thanks,
Stephen
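
An added example, not part of the original thread and not PostgreSQL code: a small Python filter that finds and masks `ldapbindpasswd` values in server log text before the log is shipped or shared, which addresses the leak described in the quoted report. The log lines are constructed, and the assumption is that the secret appears as an `ldapbindpasswd=value` option, optionally double-quoted, the way it is written in `pg_hba.conf`.

```python
import re

# Assumption: the secret shows up as an option in pg_hba.conf syntax,
# either ldapbindpasswd=value or ldapbindpasswd="value with spaces".
LEAK = re.compile(r'(ldapbindpasswd=)(?:"[^"]*"|[^\s"]+)', re.IGNORECASE)
MASK = "[REDACTED]"


def redact(line: str) -> str:
    """Replace any ldapbindpasswd value in one log line with a mask."""
    return LEAK.sub(lambda m: m.group(1) + MASK, line)


def scan(lines):
    """Return (line_number, redacted_line) for every line that leaked a value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        cleaned = redact(line)
        if cleaned != line:  # already-masked lines are not reported again
            hits.append((number, cleaned))
    return hits


# Constructed sample log lines (hostnames, DNs and secrets are made up).
SAMPLE_LOG = [
    'LOG:  connection received: host=10.0.0.7 port=50412',
    'FATAL:  LDAP authentication failed for user "alice"',
    'DETAIL:  matched rule: "host all all 10.0.0.0/8 ldap '
    'ldapserver=ldap.example.net ldapbinddn="cn=pg,dc=example,dc=net" '
    'ldapbindpasswd=S3cr3t! ldapbasedn="dc=example,dc=net""',
    'DETAIL:  matched rule: "host all all 10.0.0.0/8 ldap '
    'ldapbindpasswd="two words" ldapsearchattribute=uid"',
]

if __name__ == "__main__":
    for number, cleaned in scan(SAMPLE_LOG):
        print(f"line {number}: {cleaned}")
```

Any line reported by `scan` means the bind password has already been written to disk, so the credential should be rotated in addition to masking the log.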