<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>20.11. RADIUS Authentication</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="auth-ldap.html" title="20.10. LDAP Authentication" /><link rel="next" href="auth-cert.html" title="20.12. Certificate Authentication" /></head><body><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">20.11. RADIUS Authentication</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="auth-ldap.html" title="20.10. LDAP Authentication">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="client-authentication.html" title="Chapter 20. Client Authentication">Up</a></td><th width="60%" align="center">Chapter 20. Client Authentication</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 12.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="auth-cert.html" title="20.12. Certificate Authentication">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="AUTH-RADIUS"><div class="titlepage"><div><div><h2 class="title" style="clear: both">20.11. RADIUS Authentication</h2></div></div></div><a id="id-1.6.7.18.2" class="indexterm"></a><p>
This authentication method operates similarly to
<code class="literal">password</code> except that it uses RADIUS
as the password verification method. RADIUS is used only to validate
the user name/password pairs. Therefore the user must already
exist in the database before RADIUS can be used for
authentication.
</p><p>
When using RADIUS authentication, an Access Request message will be sent
to the configured RADIUS server. This request will be of type
<code class="literal">Authenticate Only</code>, and include parameters for
<code class="literal">user name</code>, <code class="literal">password</code> (encrypted) and
<code class="literal">NAS Identifier</code>. The request will be encrypted using
a secret shared with the server. The RADIUS server will respond to
this request with either <code class="literal">Access Accept</code> or
<code class="literal">Access Reject</code>. There is no support for RADIUS accounting.
</p><p>
Multiple RADIUS servers can be specified, in which case they will
be tried sequentially. If a negative response is received from
a server, the authentication will fail. If no response is received,
the next server in the list will be tried. To specify multiple
servers, separate the server names with commas and surround the list
with double quotes. If multiple servers are specified, the other
RADIUS options can also be given as comma-separated lists, to provide
individual values for each server. They can also be specified as
a single value, in which case that value will apply to all servers.
</p><p>
The following configuration options are supported for RADIUS:
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="literal">radiusservers</code></span></dt><dd><p>
The DNS names or IP addresses of the RADIUS servers to connect to.
This parameter is required.
</p></dd><dt><span class="term"><code class="literal">radiussecrets</code></span></dt><dd><p>
The shared secrets used when talking securely to the RADIUS
servers. This must have exactly the same value on the PostgreSQL
and RADIUS servers. It is recommended that this be a string of
at least 16 characters. This parameter is required.
</p><div class="note"><h3 class="title">Note</h3><p>
The encryption vector used will only be cryptographically
strong if <span class="productname">PostgreSQL</span> is built with support for
<span class="productname">OpenSSL</span>. In other cases, the transmission to the
RADIUS server should only be considered obfuscated, not secured, and
external security measures should be applied if necessary.
</p></div><p>
</p></dd><dt><span class="term"><code class="literal">radiusports</code></span></dt><dd><p>
The port numbers to connect to on the RADIUS servers. If no port
is specified, the default RADIUS port (<code class="literal">1812</code>)
will be used.
</p></dd><dt><span class="term"><code class="literal">radiusidentifiers</code></span></dt><dd><p>
The strings to be used as <code class="literal">NAS Identifier</code> in the
RADIUS requests. This parameter can be used, for example, to
identify which database cluster the user is attempting to connect
to, which can be useful for policy matching on
the RADIUS server. If no identifier is specified, the default
<code class="literal">postgresql</code> will be used.
</p></dd></dl></div><p>
</p><p>
If it is necessary to have a comma or whitespace in a RADIUS parameter
value, that can be done by putting double quotes around the value, but
it is tedious because two layers of double-quoting are now required.
An example of putting whitespace into RADIUS secret strings is:
</p><pre class="programlisting">
host ... radius radiusservers="server1,server2" radiussecrets="""secret one"",""secret two"""
</pre><p>
</p></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="auth-ldap.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="client-authentication.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="auth-cert.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">20.10. LDAP Authentication </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 20.12. Certificate Authentication</td></tr></table></div></body></html>
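The two layers of double-quoting and the per-server list rules described above can be checked before a pg_hba.conf line is deployed. The following is an added example, not PostgreSQL's own parser: a simplified model of the quoting, with hypothetical helper names and a constructed sample line (the address fields stand in for the page's elided `...`).

```python
DEFAULTS = {"radiusports": "1812", "radiusidentifiers": "postgresql"}  # defaults stated on the page

def split_raw(text, seps):
    """Split on separator characters that lie outside double quotes (quotes kept)."""
    parts, cur, in_q = [], "", False
    for ch in text:
        if ch == '"':
            in_q = not in_q
        if ch in seps and not in_q:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur] if cur else parts

def unquote(s):
    """Strip one quoting layer; a doubled quote inside quotes is a literal quote."""
    out, in_q, i = "", False, 0
    while i < len(s):
        if s[i] != '"':
            out += s[i]
        elif in_q and s[i + 1:i + 2] == '"':
            out += '"'
            i += 1
        else:
            in_q = not in_q
        i += 1
    return out

def check_radius_line(line):
    """Return (per-option value lists, findings) for one pg_hba.conf line."""
    opts = {}
    for tok in split_raw(line, " \t"):           # layer 1: the config-file token
        key, eq, raw = tok.partition("=")
        if eq and key.startswith("radius"):      # layer 2: the comma-separated list
            opts[key] = [unquote(p.strip()) for p in split_raw(unquote(raw), ",")]
    n, findings = len(opts.get("radiusservers", [])), []
    for key in ("radiusservers", "radiussecrets"):
        if not opts.get(key):
            findings.append(f"{key} is required")
    for key, vals in opts.items():               # one value for all servers, or one per server
        if key != "radiusservers" and len(vals) not in (1, n):
            findings.append(f"{key}: {len(vals)} values for {n} servers")
    for i, s in enumerate(opts.get("radiussecrets", []), 1):
        if len(s) < 16:                          # report the position, never the secret itself
            findings.append(f"radiussecrets #{i}: under 16 characters")
    for key, default in DEFAULTS.items():
        opts.setdefault(key, [default])
    return opts, findings

# Constructed sample: the page's example options with placeholder address fields.
SAMPLE = 'host all all 192.0.2.0/24 radius radiusservers="server1,server2" radiussecrets="""secret one"",""secret two"""'
```

Run against the page's own example options, the check reports both secrets as shorter than the recommended 16 characters.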
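Why the Note treats a weak encryption vector as obfuscation only, as an added example that is not PostgreSQL code: it implements the User-Password hiding of RFC 2865 section 5.2 and assumes the page's "encryption vector" is that RFC's 16-octet Request Authenticator. Passwords, secrets and vectors below are constructed.

```python
import hashlib

def pad16(password: bytes) -> bytes:
    """Pad with NUL octets to a multiple of 16, as RFC 2865 section 5.2 requires."""
    return password + b"\x00" * (-len(password) % 16)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """c(1) = p(1) XOR MD5(S + RA); c(i) = p(i) XOR MD5(S + c(i-1))."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded, out, prev = pad16(password), b"", authenticator
    for i in range(0, len(padded), 16):
        block = xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block          # each block's pad depends on the previous hidden block
    return out

def first_block_xor(pw_a, pw_b, secret, vector_a, vector_b) -> bytes:
    """XOR of the first hidden blocks of two Access-Request passwords."""
    return xor(hide_password(pw_a, secret, vector_a)[:16],
               hide_password(pw_b, secret, vector_b)[:16])

# Constructed values for the demonstration.
SECRET = b"constructed-shared-secret"
VECTOR = bytes(range(16))            # a vector that repeats across requests
PW_A, PW_B = b"winter-2024", b"summer-2024"

def repeated_vector_cancels_secret() -> bool:
    """With a repeated vector the MD5 pad cancels: only the plaintexts remain."""
    return first_block_xor(PW_A, PW_B, SECRET, VECTOR, VECTOR) == xor(pad16(PW_A), pad16(PW_B))

def fresh_vector_keeps_pad() -> bool:
    """With distinct vectors the pads differ and the plaintext relation stays masked."""
    other = bytes(range(1, 17))
    return first_block_xor(PW_A, PW_B, SECRET, VECTOR, other) != xor(pad16(PW_A), pad16(PW_B))
```

When the vector repeats, the shared secret drops out of the relation between two hidden passwords, which is why the vector has to come from a cryptographically strong source or the link needs external protection.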