On Wed, Dec 12, 2018 at 07:30:18AM -0700, Bear Giles wrote: > BTW another solution is SSO, e.g., Kerberos. I still need to submit a patch to > pgsql to handle it better(*) but with postgresql itself you sign into the > system and then the database server will just know who you are. You don't have > to worry about remembering a new password for postgresql. X.509 (digital > certs) > are another possibility and I know you can tie them to a smart card but again > I > don't know how well we could integrate it into pgsql.
(Good to talk to you again.) I recently wrote a blog entry about putting the certificate and its private key on removable media: https://momjian.us/main/blogs/pgblog/2019.html#January_16_2019 and mentioned the value of PIV over removable media: https://momjian.us/main/blogs/pgblog/2019.html#January_14_2019 I can't think of a way to access a smart card for authentication, though I did wrote a presentation on how to use PIV devices for server-side and client-side encryption: https://momjian.us/main/writings/crypto_hw_use.pdf -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +