DBADMIN Authentication Access

The DBADMIN user must have access to the database at all times.

The DBADMIN account must authenticate against the database using local trust or local hash authentication.

Vertica recommends that you create an authentication method (LOCAL TRUST or LOCAL PASSWORD) with a very high priority, say, 10,000. Grant this method to the DBADMIN user and set the priority using ALTER AUTHENTICATION. 

With the high priority, this new authentication method supersedes any authentication methods you create for PUBLIC (which includes the DBADMIN user). Even if you make changes to PUBLIC authentication methods, the DBADMIN user can now connect to the database at any time.

This example shows how you configure local trust authentication for the DBADMIN user. As a result, the user can use vsql with the -h option and does not need to enter a password:

=> CREATE AUTHENTICATION v_dbadmin_trust METHOD 'trust' LOCAL;
=> GRANT AUTHENTICATION v_dbadmin_trust TO dbadmin;
=> ALTER AUTHENTICATION v_dbadmin_trust PRIORITY 10000;

The next example shows how you configure host hash authentication for DBADMIN. They allow the user to access the Vertica database using the assigned password from any IPv4 address. The DBADMIN user can access the database using vsql -h --host, the Administration Tools, or any other tools that connects to Vertica:

=> CREATE AUTHENTICATION v_dbadmin_hash METHOD 'hash' HOST '0.0.0.0/0';
=> GRANT AUTHENTICATION v_dbadmin_hash TO dbadmin;
=> ALTER AUTHENTICATION v_dbadmin_hash PRIORITY 10000;
=> SELECT SET_CONFIG_PARAMETER('SecurityAlgorithm', 'SHA512');

Vertica supports IPv4 and IPv6 addresses. For more information, see IPv4 and IPv6 for Client Authentication.