Creating Authentication Records
You can manage client authentication records using vsql commands. To use these statements, you must be connected to the database.
You cannot modify client authentication records using the Administration Tools. The Administration Tools interface allows you to modify the contents of the vertica.conf file. However, Vertica ignores any client authentication information stored in that file.
You create authentication records with CREATE AUTHENTICATION. Vertica stores each record in the catalog and automatically enables it.
Examples
The following examples show how to create authentication records.
Create authentication method localpwd to authenticate users who are trying to log in from a local host using a password:
=> CREATE AUTHENTICATION localpwd METHOD 'hash' LOCAL;
Create authentication method v_ldap that uses LDAP over TLS to authenticate users logging in from hosts in the IPv4 address range 10.0.0.0/23:
=> CREATE AUTHENTICATION v_ldap METHOD 'ldap' HOST TLS '10.0.0.0/23';
Create authentication method v_kerberos to authenticate users who are trying to connect from any host in the networks 2001:0db8:0001:12xx:
=> CREATE AUTHENTICATION v_kerberos METHOD 'gss' HOST '2001:db8:1:1200::/56';
Create authentication methods RejectNoSSL_IPv4 and RejectNoSSL_IPv6 that reject users from any IP address who are trying to authenticate without TLS:
=> CREATE AUTHENTICATION RejectNoSSL_IPv4 METHOD 'reject' HOST NO TLS '0.0.0.0/0'; --IPv4
=> CREATE AUTHENTICATION RejectNoSSL_IPv6 METHOD 'reject' HOST NO TLS '::/0'; --IPv6
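A HOST record applies to whatever its CIDR prefix covers, so it is worth checking the range before creating the record. The following script is an added example, not part of the Vertica documentation: it parses HOST records and reports the address range each prefix covers, using constructed sample statements. The function name, the record names v6_exact, v6_loose and open_pwd, and the warning rules are assumptions made for illustration; how Vertica itself treats an address with bits set beyond the prefix is not stated on this page.

```python
import ipaddress
import re

# Constructed sample input, modelled on the HOST examples above. "v6_loose" is
# a hypothetical record whose address has bits set beyond the /56 prefix.
SAMPLE_SQL = """
CREATE AUTHENTICATION v_ldap METHOD 'ldap' HOST TLS '10.0.0.0/23';
CREATE AUTHENTICATION v6_exact METHOD 'gss' HOST '2001:db8:1:1200::/56';
CREATE AUTHENTICATION v6_loose METHOD 'gss' HOST '2001:db8:1::1200/56';
CREATE AUTHENTICATION open_pwd METHOD 'hash' HOST '0.0.0.0/0';
CREATE AUTHENTICATION RejectNoSSL METHOD 'reject' HOST NO TLS '0.0.0.0/0';
"""

HOST_RECORD = re.compile(
    r"CREATE\s+AUTHENTICATION\s+(\w+)\s+METHOD\s+'(\w+)'\s+"
    r"HOST\s+(?:(NO\s+TLS|TLS)\s+)?'([^']+)'",
    re.IGNORECASE,
)


def audit_host_records(sql):
    """Return one dict per HOST record: the network its CIDR covers, plus warnings."""
    results = []
    for name, method, tls, cidr in HOST_RECORD.findall(sql):
        iface = ipaddress.ip_interface(cidr)  # accepts host bits, unlike ip_network
        net = iface.network                   # address with the prefix mask applied
        warnings = []
        if iface.ip != net.network_address:
            warnings.append("host bits set; prefix covers %s" % net)
        if net.prefixlen == 0 and method.lower() != "reject":
            warnings.append("non-reject method open to every address")
        results.append({
            "name": name,
            "method": method.lower(),
            "tls": " ".join(tls.upper().split()) or "unspecified",
            "network": str(net),
            "first": str(net[0]),
            "last": str(net[-1]),
            "warnings": warnings,
        })
    return results


if __name__ == "__main__":
    for r in audit_host_records(SAMPLE_SQL):
        print("%-12s %-6s %-11s %s .. %s" % (r["name"], r["method"], r["tls"], r["first"], r["last"]))
        for w in r["warnings"]:
            print("    WARNING: " + w)
```

In the sample, v6_exact covers 2001:db8:1:1200:: through 2001:db8:1:12ff:ffff:ffff:ffff:ffff, while the /56 prefix of the v6_loose address is 2001:db8:1::/56, a different network.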