[HACKERS] OpeSSL - PostgreSQL

2017-11-09 Thread chiru r 
Hi All,

I am using PostgreSQL version *9.5.7* on Red hat enterprise Linux *7.2.*

*OpenSSL version : * OpenSSL 1.0.1e-fips 11 Feb 2013.

I have a requirement to enable the SSL in my environment with specific
cipher suites,we want to restrict weak cipher suites from open SSL default
list.

We have list of cipher suites, which are authorized to use in my
environment.So the Client Applications use one of authorized cipher suites
while configuring application server.

Is it require to install different version of OpenSSL software instead of
default OpenSSL on Linux ?.

How to configure the PostgreSQL to allow specif cipher suites from
different client applications?


Thanks,
Chiru

[HACKERS] SSL and Encryption

2017-11-02 Thread chiru r 
Hi ,

Please suggest the best chiper suite to configure openSSL for PostgreSQL
Server and client?.

How to use other than md5 encryption algorithm to encrypt the passwords in
PostgreSQL?

Thanks,
Chiru

Re: [GENERAL] [HACKERS] USER Profiles for PostgreSQL

2017-09-19 Thread chiru r 
Yes, LDAP will do. However we need to sync the user accounts and  groups
between AD and PG servers.and then AD profiles will apply to PG user
accounts for authentication.

It is good if we have user profiles in core PostgreSQL database system. So
it will add more security.

Thanks,
Chiranjeevi

On Tue, Sep 19, 2017 at 3:09 PM, Bruce Momjian <br...@momjian.us> wrote:

> On Tue, Sep 19, 2017 at 01:28:11PM -0400, Stephen Frost wrote:
> > Tom,
> >
> > * Tom Lane (t...@sss.pgh.pa.us) wrote:
> > > chiru r <chir...@gmail.com> writes:
> > > > We are looking  for User profiles in ope source PostgreSQL.
> > > > For example, If a  user password failed n+ times while login ,the
> user
> > > > access has to be blocked few seconds.
> > > > Please let us know, is there any plan to implement user profiles in
> feature
> > > > releases?.
> > >
> > > Not particularly.  You can do that sort of thing already via PAM,
> > > for example.
> >
> > Ugh, hardly and it's hokey and a huge pain to do, and only works on
> > platforms that have PAM.
> >
> > Better is to use an external authentication system (Kerberos, for
> > example) which can deal with this, but I do think this is also something
> > we should be considering for core, especially now that we've got a
> > reasonable password-based authentication method with SCRAM.
>
> Does LDAP do this too?
>
> --
>   Bruce Momjian  <br...@momjian.us>http://momjian.us
>   EnterpriseDB http://enterprisedb.com
>
> + As you are, so once was I.  As I am, so you will be. +
> +  Ancient Roman grave inscription +
>

[HACKERS] USER Profiles for PostgreSQL

2017-09-19 Thread chiru r 
Hi All,

Good Morning.

We are looking  for User profiles in ope source PostgreSQL.

For example, If a  user password failed n+ times while login ,the user
access has to be blocked few seconds.

Please let us know, is there any plan to implement user profiles in feature
releases?.


Thanks,
Chiranjeevi

[HACKERS] SAP Application deployment on PostgreSQL

2017-09-08 Thread chiru r 
Hi All,

We have multiple SAP applications running on Oracle as backend and looking
for an opportunity to migrate from Oracle to PostgreSQL. Has anyone ever
deployed SAP on PostgreSQL community edition?

Is PostgreSQL community involved in any future road-map of SAP application
deployment on PostgreSQL?

Thanks
chiru

[HACKERS] pg_basebackup issue

2017-04-23 Thread chiru r 
Hi Team,

I am using Postgresql 9.5 and I have created backup_admin user and created
dba_admin ROLE with SUPERUSER and REPLICATION ,after that GRANT dba_admin
 role   to backup_admin user and executed  pg_basebakup utility with
backup_admin user.
But I am not able to use the pg_basebackup utility using backup_admin user
and got below FATAL.
pg_basebackup: could not connect to server: FATAL:  must be superuser or
replication role to start walsender

However I have observed only issue with backup_admin  user to use
pg_basebackup utility.

Please help me to understand why pg_basebackup is throwing FATAL when I use
backup_admin?.

Is there any limitation with pg_basebackup utility ?

The process i am following for backup_admin user :

postgres=# select version();
 version
--
 PostgreSQL 9.5.5 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.1.2
20080704 (Red Hat 4.1.2-55), 64-bit
(1 row)

postgres=#
postgres=# create user backup_admin password 'X';
CREATE ROLE
postgres=# create role dba_admin SUPERUSER REPLICATION;
CREATE ROLE
postgres=# grant dba_admin to backup_admin;
GRANT ROLE
postgres=# alter user backup_admin set role to dba_admin;
ALTER ROLE

postgres=# \du
   List of roles
Role name | Attributes
| Member of
--++
 backup_admin |
   | {dba_admin}
 dba_admin| Superuser, Cannot login, Replication
| {}
 postgres | Superuser, Create role, Create DB, Replication, Bypass
RLS | {}

[postgres@pgserver ~]$ mkdir online_backups1
[postgres@pgserver ~]$ /opt/PostgreSQL/9.5/bin/pg_basebackup  --format=t
--pgdata=online_backups1 -p 5432 -U backup_admin  -x -z  --verbose
pg_basebackup: could not connect to server: FATAL:  must be superuser or
replication role to start walsender

*Please help me why pg_basebackup is throwing FATAL when I use
backup_admin?.*

*Is there any limitation in pg_basebackup utility ?*

For information the pg_basebackup is working fine for Postgres user and it
is successful.

[postgres@pgserver ~]$ /opt/PostgreSQL/9.5/bin/pg_basebackup  --format=t
--pgdata=online_backups -p 5432 -U postgres  -x -z  --verbose
transaction log start point: 0/228 on timeline 1
transaction log end point: 0/2000130
pg_basebackup: base backup completed

Thanks,
Chiru