[HACKERS] OpeSSL - PostgreSQL
Hi All, I am using PostgreSQL version *9.5.7* on Red hat enterprise Linux *7.2.* *OpenSSL version : * OpenSSL 1.0.1e-fips 11 Feb 2013. I have a requirement to enable the SSL in my environment with specific cipher suites,we want to restrict weak cipher suites from open SSL default list. We have list of cipher suites, which are authorized to use in my environment.So the Client Applications use one of authorized cipher suites while configuring application server. Is it require to install different version of OpenSSL software instead of default OpenSSL on Linux ?. How to configure the PostgreSQL to allow specif cipher suites from different client applications? Thanks, Chiru
[HACKERS] SSL and Encryption
Hi , Please suggest the best chiper suite to configure openSSL for PostgreSQL Server and client?. How to use other than md5 encryption algorithm to encrypt the passwords in PostgreSQL? Thanks, Chiru
Re: [GENERAL] [HACKERS] USER Profiles for PostgreSQL
Yes, LDAP will do. However we need to sync the user accounts and groups between AD and PG servers.and then AD profiles will apply to PG user accounts for authentication. It is good if we have user profiles in core PostgreSQL database system. So it will add more security. Thanks, Chiranjeevi On Tue, Sep 19, 2017 at 3:09 PM, Bruce Momjian wrote: > On Tue, Sep 19, 2017 at 01:28:11PM -0400, Stephen Frost wrote: > > Tom, > > > > * Tom Lane (t...@sss.pgh.pa.us) wrote: > > > chiru r writes: > > > > We are looking for User profiles in ope source PostgreSQL. > > > > For example, If a user password failed n+ times while login ,the > user > > > > access has to be blocked few seconds. > > > > Please let us know, is there any plan to implement user profiles in > feature > > > > releases?. > > > > > > Not particularly. You can do that sort of thing already via PAM, > > > for example. > > > > Ugh, hardly and it's hokey and a huge pain to do, and only works on > > platforms that have PAM. > > > > Better is to use an external authentication system (Kerberos, for > > example) which can deal with this, but I do think this is also something > > we should be considering for core, especially now that we've got a > > reasonable password-based authentication method with SCRAM. > > Does LDAP do this too? > > -- > Bruce Momjian http://momjian.us > EnterpriseDB http://enterprisedb.com > > + As you are, so once was I. As I am, so you will be. + > + Ancient Roman grave inscription + >
[HACKERS] USER Profiles for PostgreSQL
Hi All, Good Morning. We are looking for User profiles in ope source PostgreSQL. For example, If a user password failed n+ times while login ,the user access has to be blocked few seconds. Please let us know, is there any plan to implement user profiles in feature releases?. Thanks, Chiranjeevi
[HACKERS] SAP Application deployment on PostgreSQL
Hi All, We have multiple SAP applications running on Oracle as backend and looking for an opportunity to migrate from Oracle to PostgreSQL. Has anyone ever deployed SAP on PostgreSQL community edition? Is PostgreSQL community involved in any future road-map of SAP application deployment on PostgreSQL? Thanks chiru
[HACKERS] pg_basebackup issue
Hi Team, I am using Postgresql 9.5 and I have created backup_admin user and created dba_admin ROLE with SUPERUSER and REPLICATION ,after that GRANT dba_admin role to backup_admin user and executed pg_basebakup utility with backup_admin user. But I am not able to use the pg_basebackup utility using backup_admin user and got below FATAL. pg_basebackup: could not connect to server: FATAL: must be superuser or replication role to start walsender However I have observed only issue with backup_admin user to use pg_basebackup utility. Please help me to understand why pg_basebackup is throwing FATAL when I use backup_admin?. Is there any limitation with pg_basebackup utility ? The process i am following for backup_admin user : postgres=# select version(); version -- PostgreSQL 9.5.5 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-55), 64-bit (1 row) postgres=# postgres=# create user backup_admin password 'X'; CREATE ROLE postgres=# create role dba_admin SUPERUSER REPLICATION; CREATE ROLE postgres=# grant dba_admin to backup_admin; GRANT ROLE postgres=# alter user backup_admin set role to dba_admin; ALTER ROLE postgres=# \du List of roles Role name | Attributes | Member of --++ backup_admin | | {dba_admin} dba_admin| Superuser, Cannot login, Replication | {} postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {} [postgres@pgserver ~]$ mkdir online_backups1 [postgres@pgserver ~]$ /opt/PostgreSQL/9.5/bin/pg_basebackup --format=t --pgdata=online_backups1 -p 5432 -U backup_admin -x -z --verbose pg_basebackup: could not connect to server: FATAL: must be superuser or replication role to start walsender *Please help me why pg_basebackup is throwing FATAL when I use backup_admin?.* *Is there any limitation in pg_basebackup utility ?* For information the pg_basebackup is working fine for Postgres user and it is successful. [postgres@pgserver ~]$ /opt/PostgreSQL/9.5/bin/pg_basebackup --format=t --pgdata=online_backups -p 5432 -U postgres -x -z --verbose transaction log start point: 0/228 on timeline 1 transaction log end point: 0/2000130 pg_basebackup: base backup completed Thanks, Chiru