Greenplum Security
Authentication
1. Handles user authentication
2. The file is located in $MASTER_DATA_DIRECTORY
3. Comments are ignored
4. The file is read line by line
5. The first matching line is used
6. All subsequent lines are ignored
7. Pessimistic: if there are no grants, access is denied
8. To access a Greenplum database from a remote host, the role/host pair must be set in the configuration file pg_hba.conf
pg_hba.conf configuration: connection type
Type of connection:
local: the connection comes in over the Unix domain socket
host: connection over the network, encryption is optional
hostssl: connection over the network, encryption is enforced
hostnossl: connection over the network, no encryption
pg_hba.conf configuration: database
Name of database:
1. A database name, or a list of database names separated by commas
2. 'all' for all databases
3. @ followed by a filename: a file containing database names, one per line
pg_hba.conf configuration: user
Name of the user:
1. A role name, or a list of role names separated by commas
2. 'all' for all roles
3. @ followed by a filename: a file containing role names, one per line
4. +role name: a group; access is granted to all members of this group
pg_hba.conf configuration: network address
Network address:
1. Only for host, hostssl and hostnossl (1st column)
2. The network address may be an IPv4 or IPv6 address

CIDR-Address       IP-Address + IP-Mask             Comment
192.107.2.89/32    192.107.2.89  255.255.255.255    Single network
192.107.2.0/24     192.107.2.0   255.255.255.0      Small network
192.107.0.0/16     192.107.0.0   255.255.0.0        Large network
0.0.0.0/0          0.0.0.0       0.0.0.0            Full network
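pg_hba.conf configuration: user authentication method
Authentication method:
trust: allows connecting to the database directly without a password. It is insecure and is usually used only inside the cluster's internal LAN
reject: rejects all requests
md5: commonly used; the password is hashed with the MD5 algorithm before it is sent
password: authenticates with a cleartext password
ldap: authenticates against an LDAP server
gss: authenticates users with GSSAPI and Kerberos; available only for TCP/IP connections
pam: authenticates using the Pluggable Authentication Modules (PAM) service provided by the operating system
radius: authenticates against a RADIUS server
cert: authenticates using SSL client certificates
ident: obtains the client's operating-system user name and checks whether it matches the database user name being accessed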
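
The first-match rule and the column semantics above can be checked mechanically. The following Python code is an added example, not part of the original page or of Greenplum: it resolves which pg_hba.conf line decides a given connection and lists network entries that use trust or password. The sample file, the function names and the groups parameter are assumptions made for illustration, and only the entry forms listed on this page are handled.

```python
import ipaddress

# Constructed sample pg_hba.conf for illustration (not from a real cluster).
SAMPLE = """\
# TYPE   DATABASE  USER       ADDRESS         METHOD
local    all       gpadmin                    ident
host     all       all        192.107.2.0/24  trust
hostssl  sales     +analysts  192.107.0.0/16  md5
host     all       all        0.0.0.0/0       password
"""

def parse(text):
    """Yield (lineno, type, dbs, users, network, method); comments and blanks are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        dbs, users = f[1].split(","), f[2].split(",")
        if f[0] == "local":                    # local entries have no address column
            yield n, f[0], dbs, users, None, f[3]
        elif "/" in f[3]:                      # CIDR-Address form
            yield n, f[0], dbs, users, ipaddress.ip_network(f[3]), f[4]
        else:                                  # IP-Address + IP-Mask form
            yield n, f[0], dbs, users, ipaddress.ip_network(f"{f[3]}/{f[4]}"), f[5]

def first_match(text, ssl, db, user, addr=None, groups=()):
    """Return (lineno, method) of the first matching entry, else (None, "deny").
    addr=None means a Unix-domain-socket connection; groups holds the roles
    the user is a member of (supplied by the caller). @file lists are not handled."""
    for n, typ, dbs, users, net, method in parse(text):
        if addr is None:
            if typ != "local":
                continue
        elif (typ == "local" or (typ == "hostssl" and not ssl)
              or (typ == "hostnossl" and ssl)
              or ipaddress.ip_address(addr) not in net):
            continue
        if "all" not in dbs and db not in dbs:
            continue
        if not any(u in ("all", user) or (u.startswith("+") and u[1:] in groups)
                   for u in users):
            continue
        return n, method                       # later lines are never consulted
    return None, "deny"                        # no grant: access is denied

def weak_network_rules(text):
    """Line numbers of network entries that use trust or a cleartext password."""
    return [n for n, typ, *_, m in parse(text)
            if typ != "local" and m in ("trust", "password")]
```

In the sample, the trust entry on line 3 shadows the stricter hostssl/md5 entry for every client in 192.107.2.0/24, which is the ordering problem the first-match rule makes easy to introduce.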