Greetings Mike, * Mike Yeap (wkk1...@gmail.com) wrote: > Hi Thomas, I see..... guess I can't use LDAP authentication for now, :-(
If you're in an active directory environment, you should really be using Kerberos for authentication and NOT LDAP anyway. LDAP-based authentication involves sending the user's password (cleartext) to the PG server, which is really bad security. Hopefully you're at least connecting to PG with SSL, and from PG to LDAP with SSL, but you still run the issue that a compromised server would expose the password of everyone connecting to that server, and when you're using a centralized authentication system like LDAP, that one password gets you access to everything that account has access to. Thanks! Stephen
signature.asc
Description: PGP signature
