CREATE AUTHENTICATION
Creates and enables an authentication method associated with users or roles. When you create an authentication method using CREATE AUTHENTICATION, Vertica enables it automatically.
Syntax
CREATE AUTHENTICATION auth-method-name METHOD auth-type { LOCAL | HOST [ { TLS | NO TLS } ] host-ip-address }
Parameters
Name | Data Type | Description |
---|---|---|
auth-method-name | VARCHAR | Name of the authentication method you want to create, where auth-method-name conforms to conventions described in Identifiers. |
auth-type | VARCHAR | Name of the authentication method you want to use. Valid values: |
{ LOCAL \| HOST [ { TLS \| NO TLS } ] } | N/A | The access method the client uses to connect. Valid values: |
host-ip-address | VARCHAR | Required if you specify HOST. Vertica supports IPv4 and IPv6 addresses. For more information, see IPv4 and IPv6 for Client Authentication. |
Privileges
Must have DBADMIN privileges.
Examples
This example shows you how to create an authentication method named localpwd to authenticate users who are trying to log in from a local host using a password:
=> CREATE AUTHENTICATION localpwd METHOD 'hash' LOCAL;
This example shows you how to create an authentication method named v_ldap that uses LDAP over TLS to authenticate users logging in from hosts in the IPv4 address range 10.0.0.0/23:
=> CREATE AUTHENTICATION v_ldap METHOD 'ldap' HOST TLS '10.0.0.0/23';
This example shows you how to create an authentication method named v_kerberos to authenticate users that are trying to connect from any host in the networks 2001:0db8:0001:12xx:
=> CREATE AUTHENTICATION v_kerberos METHOD 'gss' HOST '2001:db8:1:1200::/56';
This example shows you how to create authentication methods named RejectNoSSL_IPv4 and RejectNoSSL_IPv6 that reject users from any IP address who are trying to authenticate without SSL/TLS:
=> CREATE AUTHENTICATION RejectNoSSL_IPv4 METHOD 'reject' HOST NO TLS '0.0.0.0/0'; --IPv4
=> CREATE AUTHENTICATION RejectNoSSL_IPv6 METHOD 'reject' HOST NO TLS '::/0'; --IPv6
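The following audit script is an added example, not part of the Vertica documentation. It parses statements written in the syntax above and reports the network each host-ip-address literal actually covers, since a misplaced address group silently changes the range. The sample statements and their method names are constructed, and the TLS finding assumes the NO TLS behavior shown in the RejectNoSSL example.

```python
import ipaddress
import re

# Grammar taken from the Syntax line on this page.
STMT = re.compile(
    r"CREATE\s+AUTHENTICATION\s+(?P<name>\w+)\s+METHOD\s+'(?P<method>\w+)'\s+"
    r"(?:LOCAL|HOST(?:\s+(?P<tls>NO\s+TLS|TLS))?\s+'(?P<addr>[^']+)')\s*;",
    re.IGNORECASE,
)

def audit(statement):
    """Return (name, effective_network, findings) for one statement."""
    m = STMT.fullmatch(statement.strip())
    if m is None:
        raise ValueError(f"not a CREATE AUTHENTICATION statement: {statement!r}")
    if m["addr"] is None:  # LOCAL record: there is no address to check
        return m["name"], None, []
    iface = ipaddress.ip_interface(m["addr"])
    net = iface.network  # the literal with its host bits masked off
    rejecting = m["method"].lower() == "reject"
    findings = []
    if iface.ip != net.network_address:
        findings.append(f"host bits set: written {m['addr']}, covers {net}")
    if net.prefixlen == 0 and not rejecting:
        findings.append("non-reject method open to every address")
    if (m["tls"] or "").upper().startswith("NO") and not rejecting:
        findings.append("admits connections without TLS")
    return m["name"], str(net), findings

# Constructed sample statements in the page's syntax (names are hypothetical).
SAMPLES = [
    "CREATE AUTHENTICATION local_pw METHOD 'hash' LOCAL;",
    "CREATE AUTHENTICATION lab_gss METHOD 'gss' HOST '2001:db8:1::1200/56';",
    "CREATE AUTHENTICATION lab_gss2 METHOD 'gss' HOST '2001:db8:1:1200::/56';",
    "CREATE AUTHENTICATION any_pw METHOD 'hash' HOST NO TLS '0.0.0.0/0';",
    "CREATE AUTHENTICATION no_plain METHOD 'reject' HOST NO TLS '::/0';",
]

if __name__ == "__main__":
    for s in SAMPLES:
        name, net, findings = audit(s)
        print(f"{name:10} {net or 'LOCAL':22} {'; '.join(findings) or 'ok'}")
```

The second and third samples differ only in where the 1200 group sits, yet the first of them resolves to 2001:db8:1::/56 rather than the 12xx networks.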