Configuration and Authentication: Michael Paquier - PGCon 2023
Learn about PostgreSQL configuration and authentication features, including identity verification, SSL/SSPI, Kerberos, the SCRAM protocol, and regex-based policies, and how to use views and files to manage authentication settings.
- When compiling PostgreSQL, the client must verify the server’s identity to avoid possible attacks.
- PostgreSQL provides flexibility in configuration and authentication, including include lists and regular expressions.
- Authentication policies can be complex, using SSPI, SSL, and channel bindings.
- Client libraries need to implement extra checks, such as verifying the server’s identity, to ensure secure connections.
- PostgreSQL has several authentication methods, including Kerberos and peer authentication.
- The possibility of regex matches in pg_hba.conf makes it easier to apply complex policies.
- PostgreSQL has a SCRAM protocol and SCRAM hashes/verifiers to provide an additional layer of security.
- The pg_ident file is used to map a system user to a PostgreSQL user.
- The iteration count can be used as a parameter in the SCRAM protocol.
- Regular expressions can be used in pg_hba.conf and pg_ident.conf for flexible authentication policies.
- PostgreSQL has many views for configuration and authentication, such as pg_hba_file_rules and pg_hba_file_auth.
- The system views can be used to check and apply HBA entries.
- PostgreSQL has a SCRAM-based password protocol, which is an improvement over MD5-based passwords.
- Client libraries need to implement extra checks to ensure secure connections.
- The possibility of installing a backend leaky queue can be used to debug PostgreSQL instances.
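
The SCRAM verifier and iteration count mentioned in the list above, shown as an added example (not code from the talk or from PostgreSQL): it builds and checks a verifier in the `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` layout PostgreSQL stores for a role password. The function names are hypothetical, the passwords are constructed samples, and ASCII passwords are assumed so SASLprep can be skipped.

```python
import base64
import hashlib
import hmac
import os


def scram_keys(password: str, salt: bytes, iterations: int):
    """Derive (StoredKey, ServerKey) as defined by SCRAM (RFC 5802 / RFC 7677)."""
    # Assumption: ASCII password, so the SASLprep normalization step is a no-op.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return hashlib.sha256(client_key).digest(), server_key


def build_verifier(password: str, iterations: int = 4096, salt: bytes = None) -> str:
    """Build the string PostgreSQL stores for a SCRAM-SHA-256 role password."""
    salt = os.urandom(16) if salt is None else salt
    stored_key, server_key = scram_keys(password, salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return (f"SCRAM-SHA-256${iterations}:{b64(salt)}"
            f"${b64(stored_key)}:{b64(server_key)}")


def parse_verifier(verifier: str):
    """Split a verifier into (iterations, salt, StoredKey, ServerKey)."""
    scheme, params, keys = verifier.split("$")
    if scheme != "SCRAM-SHA-256":
        raise ValueError("not a SCRAM-SHA-256 verifier")
    iterations, salt = params.split(":")
    stored_key, server_key = keys.split(":")
    return (int(iterations), base64.b64decode(salt),
            base64.b64decode(stored_key), base64.b64decode(server_key))


def check_password(verifier: str, password: str) -> bool:
    """Re-derive the keys with the verifier's own salt and iteration count."""
    iterations, salt, stored_key, server_key = parse_verifier(verifier)
    cand_stored, cand_server = scram_keys(password, salt, iterations)
    return (hmac.compare_digest(stored_key, cand_stored)
            and hmac.compare_digest(server_key, cand_server))


if __name__ == "__main__":
    demo = build_verifier("correct horse", iterations=10000)  # constructed input
    print(demo)
    print(check_password(demo, "correct horse"), check_password(demo, "guess"))
```

The iteration count travels inside the verifier, so raising it only affects passwords set afterwards; existing verifiers keep the count they were created with.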