On Wed, Oct 11, 2017 at 11:19 AM, Stephen Frost <sfrost@snowman.net> wrote:
As I understand it, you're in an Active Directory environment, where what you really want to be using for authentication is Kerberos / GSSAPI, not LDAP. With LDAP, the password is still sent to the PG server in cleartext during the authentication and that's entirely unnecessary in an Active Directory environment where you have a Kerberos realm already in place.
Yes thanks for this info. I'll read up on Kerberos auth and change my long-term plan on that accordingly.