On 23/06/2024 11:49, Christoph Moench-Tegeder wrote:
My advice would be to not use secrets stored in the database - that is, do not use scram-sha-256 - but use an external authentication system, like Kerberos (might be AD) or LDAP (might also be AD) and have that managed by the security team: that way all these compliance
Crikey, that would be quite a lot of lot of SSL/TLS to set up. We have quite a few (massive understatement :( ... ) PostgreSQL database clusters spread over quite a lot (another understatement) of VMs.
The last time I suggested LDAP there was a lot of enthusiasm ... until they went down and looked at what might have to be done, after which it all became very quiet ...
Regards, Martin.
