Enforce encryption

gjorgjevski Registered User
edited October 9 in Vertica Forum

We are running a cluster configured to use SSL for authentication and encryption; i.e., EnableSSL is set to 1 and certificates and keys are in place.

Client authentication is done by usernames and passwords.

With this being said, we would like to enforce that all clients use SSL when connecting. For example, vsql uses it by default, but specifying -m disable lets me connect without any encryption. Is there any way to disallow this? (Likewise for JDBC and ODBC clients.)

Comments

  • SruthiA Employee, Registered User, VerticaExpert

    Yes, you can disallow this by creating client authentication records.

    Create 2 authentication methods, one to reject SSL and the other to accept SSL traffic. Create a role, grant this authentication method to that role, and assign all users to the newly created role.

  • gjorgjevski Registered User
    edited October 15

    Thank you very much! I ended up creating two password-based authentication methods; one for LOCAL, and another one for HOST TLS. This has the implicit effect of not allowing remote connections without TLS/SSL.

  • SruthiA Employee, Registered User, VerticaExpert

    You are welcome.
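
The setup described in the thread, written out as Vertica SQL. This is an added example, not code posted by either participant: the record names (local_pw, tls_remote, reject_plain), the 0.0.0.0/0 address range, and the grant to PUBLIC instead of a dedicated role are assumptions, and the explicit reject record is optional on top of the two password-based records.

```sql
-- Added example; record names and address ranges are hypothetical.

-- Password ('hash') authentication for connections made on the node itself,
-- so on-node logins keep working once authentication records exist.
CREATE AUTHENTICATION local_pw METHOD 'hash' LOCAL;

-- Password authentication for remote IPv4 clients. HOST TLS matches only
-- connections that negotiated TLS, so a plaintext session (for example
-- vsql -m disable) does not match this record.
CREATE AUTHENTICATION tls_remote METHOD 'hash' HOST TLS '0.0.0.0/0';

-- Optional: reject plaintext remote connections explicitly instead of
-- relying on the absence of a matching record.
CREATE AUTHENTICATION reject_plain METHOD 'reject' HOST NO TLS '0.0.0.0/0';

-- Attach the records to every user through PUBLIC (assumption; a dedicated
-- role with the users assigned to it works the same way).
GRANT AUTHENTICATION local_pw     TO PUBLIC;
GRANT AUTHENTICATION tls_remote   TO PUBLIC;
GRANT AUTHENTICATION reject_plain TO PUBLIC;

-- Check 1: the records exist, are enabled, and have the expected host type.
SELECT auth_name, is_auth_enabled, auth_host_type,
       auth_host_address, auth_method, auth_priority
FROM v_catalog.client_auth
ORDER BY auth_priority DESC, auth_name;

-- Check 2: live sessions and whether each one is encrypted.
-- Any remote session with ssl_state = 'None' means enforcement is not in effect.
SELECT user_name, client_hostname, authentication_method, ssl_state
FROM v_monitor.sessions;
```

After applying the records, a connection attempt with vsql -m disable from a remote host should fail, while vsql -m require should succeed; the same holds for JDBC and ODBC clients configured without and with SSL.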
