Schedule - PGConf.EU 2023
Advanced Authentication and Encrypted Connections
PostgreSQL supports a number of different authentication mechanisms and while many of them are quite simple and easy to use, the enterprise-level authentication systems, which also support encryption of the connection, require setup beyond PostgreSQL and a deeper understanding of how authentication works.
This talk will cover implementing the two most prevelant enterprise authentication schemes- Kerberos/GSSAPI (used extensively by universities and businesses, and is the authentication system for Microsoft Windows) and Client-Side Certificates / SSL (used by many governments and high security systems). We will go into detail on how to integrate PostgreSQL into these enterprise authentication schemes, and cover the different options and limitations, including how to ensure that all connections to your PostgreSQL server are fully authenticated (client to server and server to client) and encrypted.
We will also discuss the status of credential proxying to allow client credentials to be used to passed to PostgreSQL to allow connections to other systems, such as with postgres_fdw.