CREATE AUTHENTICATION

Creates and enables an authentication method associated with users or roles. When you create an authentication method using CREATE AUTHENTICATION, Vertica enables it automatically.

Syntax

CREATE AUTHENTICATION auth-method-name
       METHOD auth-type
       { LOCAL | HOST [ { TLS | NO TLS } ] host-ip-address }

Parameters

auth-method-name (data type: VARCHAR)

Name of the authentication method you want to create, where auth-method-name conforms to conventions described in Identifiers.

auth-type (data type: VARCHAR)

Name of the authentication method you want to use.

Valid values:

  • 'gss'
  • 'ident'
  • 'ldap'
  • 'hash'
  • 'reject'
  • 'trust'
  • 'tls'

{ LOCAL | HOST [ { TLS | NO TLS } ] } (data type: N/A)

The access method the client uses to connect.

Valid values:

  • LOCAL: Matches connection attempts made using local domain sockets. When using the local connection type, do not specify the host-ip-address parameter.
  • HOST: Matches connection attempts made using TCP/IP. Vertica attempts connection using a plain (non-SSL/TLS) or SSL/TLS-wrapped TCP socket.
  • HOST TLS: Matches an SSL/TLS TCP connection only.
  • HOST NO TLS: Matches a plain TCP socket only.

host-ip-address (data type: VARCHAR)

Required if you specify HOST. Vertica supports IPv4 and IPv6 addresses.

For more information, see IPv4 and IPv6 for Client Authentication.

Privileges

Must have DBADMIN privileges.

Examples

This example shows you how to create an authentication method named localpwd to authenticate users who are trying to log in from a local host using a password:

=> CREATE AUTHENTICATION localpwd METHOD 'hash' LOCAL;

This example shows you how to create an authentication method named v_ldap that uses LDAP over TLS to authenticate users logging in from hosts in the IPv4 network 10.0.0.0/23:

=> CREATE AUTHENTICATION v_ldap METHOD 'ldap' HOST TLS '10.0.0.0/23';

This example shows you how to create an authentication method named v_kerberos to authenticate users that are trying to connect from any host in the networks 2001:0db8:0001:12xx:

=> CREATE AUTHENTICATION v_kerberos METHOD 'gss' HOST '2001:db8:1::1200/56';

This example shows you how to create authentication methods named RejectNoSSL_IPv4 and RejectNoSSL_IPv6 that reject users from any IP address who are trying to authenticate without SSL/TLS:

=> CREATE AUTHENTICATION RejectNoSSL_IPv4 METHOD 'reject' HOST NO TLS '0.0.0.0/0';  --IPv4
=> CREATE AUTHENTICATION RejectNoSSL_IPv6 METHOD 'reject' HOST NO TLS '::/0';     --IPv6
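The following Python sketch is an added example, not part of the Vertica documentation or product. It applies the access-method rules from the Parameters section to the records created above and lists which of them cover a given client connection. The function names, the use of None for a local socket, and standard CIDR masking of host-ip-address are assumptions.

```python
import ipaddress

# Records created in the Examples section: (name, method, access, address).
RECORDS = [
    ("localpwd", "hash", "LOCAL", None),
    ("v_ldap", "ldap", "HOST TLS", "10.0.0.0/23"),
    ("v_kerberos", "gss", "HOST", "2001:db8:1::1200/56"),
    ("RejectNoSSL_IPv4", "reject", "HOST NO TLS", "0.0.0.0/0"),
    ("RejectNoSSL_IPv6", "reject", "HOST NO TLS", "::/0"),
]


def access_matches(access, is_local, tls):
    """Apply the access-method rules listed under Parameters."""
    if access == "LOCAL":
        return is_local               # local domain socket only
    if is_local:
        return False                  # HOST records need a TCP/IP client
    if access == "HOST TLS":
        return tls
    if access == "HOST NO TLS":
        return not tls
    return access == "HOST"           # plain or SSL/TLS-wrapped socket


def matching_records(client_ip, tls=False, records=RECORDS):
    """Names of the records that cover a connection.

    client_ip=None models a local domain socket (hypothetical convention).
    """
    addr = ipaddress.ip_address(client_ip) if client_ip else None
    hits = []
    for name, _method, access, cidr in records:
        if not access_matches(access, addr is None, tls):
            continue
        if cidr is not None:
            # Assumption: bits beyond the prefix length are masked off.
            net = ipaddress.ip_network(cidr, strict=False)
            if addr.version != net.version or addr not in net:
                continue
        hits.append(name)
    return hits


if __name__ == "__main__":
    # Constructed sample connections: (client address, TLS in use).
    for ip, tls in [(None, False), ("10.0.1.25", True), ("10.0.1.25", False),
                    ("10.0.2.1", True), ("2001:db8:1:12::5", False)]:
        print(ip or "local socket", "TLS" if tls else "no TLS",
              "->", matching_records(ip, tls) or "no matching record")
```

Run it against the client addresses you expect each record to cover before relying on a rule set. Under the masking assumption, a literal with bits set beyond the prefix length, such as '2001:db8:1::1200/56', is reduced to its network, 2001:db8:1::/56.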
        
