Enforce encryption
We are running a cluster configured to use SSL for authentication and encryption; i.e., EnableSSL is set to 1 and certificates and keys are in place.
Client authentication is done by usernames and passwords.
With this being said, we would like to enforce that all clients use SSL when connecting. For example, vsql uses it by default, but specifying -m disable lets me connect without any encryption. Is there any way to disallow this? (Likewise for JDBC and ODBC clients.)
Comments
Yes, you can disallow this by creating client authentication records.
Created 2 authentication methods, one to reject SSL and the other to accept SSL traffic. Create a role. Grant this authentication method to that role and assign all users to the newly created role.
Thank you very much! I ended up creating two password-based authentication methods; one for LOCAL, and another one for HOST TLS. This has the implicit effect of not allowing remote connections without TLS/SSL.
You are welcome.
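The records discussed in this thread, written out as an added example that is not from any of the posters: a LOCAL and a HOST TLS password record, plus an optional explicit reject for non-TLS connections. The record names are hypothetical, and granting to PUBLIC instead of a dedicated role is an assumption made here for brevity.

```sql
-- Added example; record names (auth_local_pw, auth_tls_pw, auth_reject_plain)
-- are hypothetical. 'hash' is Vertica's password-based authentication method.

-- 1. Password logins over the local socket on the node itself.
CREATE AUTHENTICATION auth_local_pw METHOD 'hash' LOCAL;

-- 2. Password logins from remote hosts, matched only when the
--    connection is using TLS. 0.0.0.0/0 covers IPv4 clients only.
CREATE AUTHENTICATION auth_tls_pw METHOD 'hash' HOST TLS '0.0.0.0/0';

-- 3. Optional: an explicit deny for remote connections without TLS.
--    With only records 1 and 2 granted, a non-TLS remote connection
--    already has no matching record (the "implicit effect" noted above);
--    this record makes the denial visible in the catalog.
CREATE AUTHENTICATION auth_reject_plain METHOD 'reject' HOST NO TLS '0.0.0.0/0';

-- Attach the records to every user (assumption: PUBLIC rather than a role).
GRANT AUTHENTICATION auth_local_pw     TO PUBLIC;
GRANT AUTHENTICATION auth_tls_pw       TO PUBLIC;
GRANT AUTHENTICATION auth_reject_plain TO PUBLIC;

-- Review what is now defined and enabled.
SELECT * FROM client_auth;

-- Check from a remote client, outside this SQL session:
--   vsql -m disable ...   should now be refused
--   vsql -m require ...   should prompt for the password and connect
```

Keep an already authenticated superuser session open while testing these records, so that a mistake in them cannot lock out all logins.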