Creating Authentication Records

You can manage client authentication records using vsql commands. To use these statements, you must be connected to the database.

You cannot modify client authentication records using the Administration Tools. The Administration Tools interface allows you to modify the contents of the vertica.conf file. However, Vertica ignores any client authentication information stored in that file.

You create authentication records with CREATE AUTHENTICATION. Vertica stores each record in the catalog and enables it automatically.

Examples

The following examples show how to create authentication records.

Create authentication method localpwd to authenticate users who are trying to log in from a local host using a password:

=> CREATE AUTHENTICATION localpwd METHOD 'hash' LOCAL;

Create authentication method v_ldap that uses LDAP over TLS to authenticate users logging in from hosts in the IPv4 address range 10.0.0.0/23:

=> CREATE AUTHENTICATION v_ldap METHOD 'ldap' HOST TLS '10.0.0.0/23';

Create authentication method v_kerberos to authenticate users who are trying to connect from any host in the networks 2001:0db8:0001:12xx:

=> CREATE AUTHENTICATION v_kerberos METHOD 'gss' HOST '2001:db8:1:1200::/56';

Create authentication methods RejectNoSSL_IPv4 and RejectNoSSL_IPv6 that reject users from any IP address who try to authenticate without SSL/TLS:

=> CREATE AUTHENTICATION RejectNoSSL_IPv4 METHOD 'reject' HOST NO TLS '0.0.0.0/0';  --IPv4
=> CREATE AUTHENTICATION RejectNoSSL_IPv6 METHOD 'reject' HOST NO TLS '::/0';     --IPv6
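
HOST records match clients by address range, so it helps to confirm what an address/prefix string covers before you put it in a CREATE AUTHENTICATION statement. The following Python script is an added example, not part of the Vertica documentation or tooling. It applies standard CIDR semantics through the ipaddress module (an assumption about how the range is read, not a description of Vertica's own matching), and its function names, record labels, and probe addresses are constructed for illustration.

```python
import ipaddress

def describe_cidr(cidr):
    """Return (normalized network, host_bits_set) for an address/prefix string."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    # Host bits are set when the written address is not the network address,
    # which usually means the range is not the one the author had in mind.
    return str(net), iface.ip != net.network_address

def covers(cidr, client_ip):
    """True if client_ip falls inside the range described by cidr."""
    net = ipaddress.ip_interface(cidr).network
    addr = ipaddress.ip_address(client_ip)
    return addr.version == net.version and addr in net

def audit(records, probes):
    """Map each (label, cidr) pair to its real network and the probes it covers."""
    report = {}
    for label, cidr in records:
        net, host_bits = describe_cidr(cidr)
        report[label] = {
            "network": net,
            "host_bits_set": host_bits,
            "matches": [p for p in probes if covers(cidr, p)],
        }
    return report

# The IPv4 and catch-all ranges from the examples above, plus two spellings
# of an IPv6 /56 (constructed for comparison; labels are hypothetical).
RECORDS = [
    ("v_ldap", "10.0.0.0/23"),
    ("ipv6_tail_1200", "2001:db8:1::1200/56"),   # 1200 is the LAST group
    ("ipv6_net_1200", "2001:db8:1:1200::/56"),   # 1200 is the FOURTH group
    ("RejectNoSSL_IPv4", "0.0.0.0/0"),
    ("RejectNoSSL_IPv6", "::/0"),
]
# Constructed probe client addresses.
PROBES = ["10.0.1.25", "10.0.2.1", "2001:db8:1:12ab::5", "2001:db8:1:7::5"]

if __name__ == "__main__":
    for label, info in audit(RECORDS, PROBES).items():
        flag = "  <-- host bits set, check the range" if info["host_bits_set"] else ""
        print(f"{label:18} {info['network']:24} {info['matches']}{flag}")
```

Only the form with 1200 in the fourth group covers clients in 2001:0db8:0001:12xx. With 1200 after the `::`, the /56 collapses to 2001:db8:1::/56.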