The Vertica Forum recently got a makeover! Let us know what you think by filling out this short, anonymous survey.

Enforce encryption

We are running a cluster configured to use SSL for authentication and encryption; i.e., EnableSSL is set to 1 and certificates and keys are in place.

Client authentication is done by usernames and passwords.

With this being said, we would like to enforce that all clients use SSL when connecting. For example, vsql uses it by default, but specifying -m disable lets me connect without any encryption. Is there any way to disallow this? (Likewise for JDBC and ODBC clients.)

Comments

  • Yes, you can disallow by creating client authentication records

    created 2 Authentication methods one to reject SSL and other to accept SSL Traffic. Create a role. grant this authentication method to that role and assign all users to newly created role.

  • edited October 2018

    Thank you very much! I ended up creating two password-based authentication methods; one for LOCAL, and another one for HOST TLS. This has the implicit effect of not allowing remote connections without TLS/SSL.

  • You are welcome.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file

Can't find what you're looking for? Search the Vertica Documentation, Knowledge Base, or Blog for more information.