当前位置:网站首页>Kingbasees Security Guide for Jincang database -- 6.1 introduction to strong authentication
Kingbasees Security Guide for Jincang database -- 6.1 introduction to strong authentication
2022-07-28 04:04:00 【Thousands of sails passed by the side of the sunken boat_】
6.1. Introduction to strong authentication
6.1.1. About strong authentication
When a user accesses a system , The system usually requires users to provide some information to mark their identity and the ability to use the system . The system verifies this information to determine whether users are allowed to access 、 What functions can users access . This is the process of user authentication . When the number of users of the system is huge , The management and use of system account information will be a complex problem . Dealing with this problem within the system may deviate from the functions that the system itself should provide , Therefore, it is a better solution to separate it and hand it over to another service .
Identity authentication is the process that the database server establishes the identity of the client , And the server decides whether the client application is allowed to connect with the requested database user name .KingbaseES Provide a variety of different identity authentication methods . Password is the most common way of authentication ,KingbaseES Strong authentication is also enabled by supporting a variety of third-party authentication services .
6.1.2. How strong authentication works
Third party authentication server and database , Use with client , The basic working principle is as follows :
client ( Or the user running the client application ) Provide information such as passwords or tokens to the authentication server ;
The authentication server verifies the user's identity and returns the credentials to the client ;
The client passes these credentials and service requests to the database server ;
The database server sends the credentials to the authentication server to request authentication ;
The authentication server checks the credentials and notifies the database server of the authentication results . If the authentication server accepts credentials , The authentication is successful . If the authentication server rejects the credentials , Then the client's request will be rejected ;
6.1.3. Strong authentication methods supported
KingbaseES The database supports a variety of third-party service authentication methods , As shown in the following table :
authentication | explain |
|---|---|
scram-sha-256 | perform SCRAM-SHA-256 Authenticate to verify the user's password |
md5 | perform SCRAM-SHA-256 or MD5 Authenticate to verify the user's password |
Kerberos | Kerberos It is a trusted third-party authentication system that relies on shared secrets , Support use keberos The server performs centralized identity authentication |
ldap | LDAP It's a kind of passing IP The protocol provides directory information for access control and maintenance of distributed information , Support use LDAP Server authentication |
radius | RADIUS It's a client / Security protocol of server , Support use LDAP Server authentication |
cert | Use SSL Client certificate authentication |
gss | use GSSAPI Authenticated user . Only right TCP/IP Connection available . |
sspi | use SSPI To authenticate users . Only in Windows Available on the . |
ident | Allow specific operating system users on the client to connect to the database .Ident Certification can only be done in TCIP/IP Use... On the connection . |
peer | The operating system user who obtains the client from the operating system , And check that it matches the requested database user name . This is only available for local connections . |
pam | Using the pluggable authentication module service provided by the operating system (PAM) authentication |
bsd | Use... Provided by the operating system BSD Authentication services to authenticate |
The configuration and use of specific authentication methods will be described in detail in subsequent chapters .
边栏推荐
- R notes mice
- Dynamic planning - 1049. Weight of the last stone II
- jdbc使用
- 常用的弱网测试工具
- 【无标题】
- A 404 page source code imitating win10 blue screen
- Convert py file to exe executable file
- Developing rc522 module based on c8t6 chip to realize breathing lamp
- Data rich Computing: m.2 meets AI at the edge
- [day03] process control statement
猜你喜欢
MySQL是怎么保证高可用的
Dynamic planning - 62. Different paths
程序人生 | 测试工程师还只会点点点?7个捷径教给你快速学习新技术...
Do Netease and Baidu have their own tricks for seizing the beach AI learning machine?
40: Chapter 4: Development File Service: 1:fastdfs: (1): introduction to fastdfs;
Common interface testing tools
Is there a bonus period for robot engineering
XML file usage and parsing
【day03】流程控制语句
![[prototype and prototype chain] get to know prototype and prototype chain~](/img/8a/d6362fdd50dc883ff817a997ab9e1e.png)
[prototype and prototype chain] get to know prototype and prototype chain~
随机推荐
servlet使用
[leetcode] 34. Find the first and last positions of elements in the sorted array
Detailed explanation of pointer written test questions (C language)
21天,胖哥亲自带你玩转OAuth2
numeric_ Limits the range and related attributes of each data type learned
Notes to subject 2
un7.27:redis数据库常用命令。
Istio's Traffic Management API
Monotonic stack - 739. Daily temperature
Error no matching function for call to 'std:: exception:: exception (const char [15])' problem solving
"Three no's and five requirements" principle of enterprise Digitalization Construction
7/27(板子)染色法判定二分图+求组合数(递推公式)
Interview essential skills: SQL query special training!
cookie与Session
Dynamic planning - 1049. Weight of the last stone II
C语言:不创建临时变量实现两数交换
Protocols in swift
金仓数据库KingbaseES安全指南--6.1. 强身份验证简介
Qt:qmessagebox message box, custom signal and slot
40: Chapter 4: Development File Service: 1:fastdfs: (1): introduction to fastdfs;