Not to get off topic, can you authenticate database users via Kerberos?


On Wed, Mar 7, 2018 at 10:19 AM, Stephen Frost <> wrote:

> Greetings,
> * Bjørn T Johansen ( wrote:
> > Is it possible to use one authentication method as default, like LDAP,
> and if the user is not found, then try to authenticate using
> > md5/scram-sha-256 ?
> Not directly in pg_hba.conf.  You might be able to construct a system
> which works like this using PAM though, but it wouldn't be much fun.
> LDAP use really should be discouraged as it involves sending the
> password to the PG server.  If you are operating in an active directory
> environment then you should be using GSSAPI/Kerberos.
> SCRAM is a good alternative as it doesn't send the password to the
> server either, though that is only available in PG10, of course.
> Thanks!
> Stephen

Reply via email to