Why do you say that you can't use kerberos w/ apps?
I prefer to not reply to this one otherwise I won't be kind with some people... 😅️
Note that using ldap auth means sending the user's password to the PG
server in cleartext, which is extremely insecure and means that a
compromised PG server could be used to steal the credentials of any user
logging in using this method.
I agree... but for now I can't switch a to full Kerberos setup...
On Thu, 2022-09-15 at 15:16 -0400, Stephen Frost wrote:
Greetings,
We have to use LDAP in our AD environment, Users could use Kerberos but service accounts used by Apps can't.
Why do you say that you can't use kerberos w/ apps?
host all +ldap_roles 192.168.0.0/16 ldap ldapurl="ldap://ldap.service:636/ou=AdminOU,dc=domain,dc=org?sAMAccountName?sub" ldapbinddn="cn=postgres_bind,ou=level1,ou=level2,dc=domain,dc=org" ldapbindpasswd="password"
Note that using ldap auth means sending the user's password to the PG
server in cleartext, which is extremely insecure and means that a
compromised PG server could be used to steal the credentials of any user
logging in using this method.
Thanks,
Stephen
| Sylvain Deveaux Senior Systems Engineer
+64-4-386-0861 +64-21-123-7933 National Institute of Water & Atmospheric Research Ltd (NIWA) 301 Evans Bay Parade, Greta Point Wellington New Zealand Connect with NIWA: niwa.co.nz Facebook LinkedIn Twitter Instagram |
To ensure compliance with legal requirements and to maintain cyber security standards, NIWA's IT systems are subject to ongoing monitoring, activity logging and auditing. This monitoring and auditing service may be provided by third parties. Such third parties can access information transmitted to, processed by and stored on NIWA's IT systems