| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Bear Giles <bgiles(at)coyotesong(dot)com> |
| Cc: | Chapman Flack <chap(at)anastigmatix(dot)net>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Record last password change |
| Date: | 2019-01-22 03:13:56 |
| Message-ID: | 20190122031356.GC19230@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Dec 12, 2018 at 07:30:18AM -0700, Bear Giles wrote:
> BTW another solution is SSO, e.g., Kerberos. I still need to submit a patch to
> pgsql to handle it better(*) but with postgresql itself you sign into the
> system and then the database server will just know who you are. You don't have
> to worry about remembering a new password for postgresql. X.509 (digital certs)
> are another possibility and I know you can tie them to a smart card but again I
> don't know how well we could integrate it into pgsql.
(Good to talk to you again.) I recently wrote a blog entry about
putting the certificate and its private key on removable media:
https://momjian.us/main/blogs/pgblog/2019.html#January_16_2019
and mentioned the value of PIV over removable media:
https://momjian.us/main/blogs/pgblog/2019.html#January_14_2019
I can't think of a way to access a smart card for authentication, though
I did wrote a presentation on how to use PIV devices for server-side and
client-side encryption:
https://momjian.us/main/writings/crypto_hw_use.pdf
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chapman Flack | 2019-01-22 03:26:43 | Re: Allowing extensions to find out the OIDs of their member objects |
| Previous Message | Bruce Momjian | 2019-01-22 03:04:38 | Re: Record last password change |