Vertica Documentation – Ident authentication /en/security-and-authentication/client-authentication/ident-authentication/ Recent content in Ident authentication on Vertica Documentation Hugo -- gohugo.io Security-and-Authentication: Installing and setting up an ident server /en/security-and-authentication/client-authentication/ident-authentication/installing-and-setting-up-an-ident-server/ Mon, 01 Jan 0001 00:00:00 +0000 /en/security-and-authentication/client-authentication/ident-authentication/installing-and-setting-up-an-ident-server/ <p>To use Ident authentication, you must install one or more packages, depending on your operating system, and enable the Ident server on your Vertica server. <code>oidentd</code> is an Ident daemon that is compatible with Vertica and compliant with <a href="https://www.ietf.org/rfc/rfc1413.txt">RFC 1413</a>. <div class="alert admonition note" role="alert"> <h4 class="admonition-head">Note</h4> You can find the source code and installation instructions for oidentd at the <a href="http://ojnk.sourceforge.net/">oidentd website</a>. </div></p> <p>To install and configure Ident authentication for use with your Vertica database, follow the appropriate steps for your operating system.</p> <h3 id="red-hat-7xcentos-7x">Red hat 7.x/CentOS 7.x</h3> <p>Install an Ident server on Red Hat 7.x or CentOS 7.x by installing the <code>authd</code> and <code>xinetd</code> packages:</p> <pre tabindex="0"><code>$ yum install authd $ yum install xinetd </code></pre><h3 id="ubuntudebian">Ubuntu/debian</h3> <p>Install <code>oidentd</code> on Ubuntu or Debian by running this command:</p> <pre tabindex="0"><code>$ sudo apt-get install oidentd </code></pre><h3 id="suse-linux-enterprise-server">SUSE Linux enterprise server</h3> <p>Install the <code>pidentd</code> and <code>xinetd</code> RPMs from the following locations:</p> <ul> <li> <p><a href="https://www.suse.com/LinuxPackages/packageRouter.jsp?product=server&amp;version=11&amp;service_pack=&amp;architecture=i386&amp;package_name=pidentd">https://www.suse.com/LinuxPackages/packageRouter.jsp?product=server&amp;version=11&amp;service_pack=&amp;architecture=i386&amp;package_name=pidentd</a></p> </li> <li> <p><a href="https://www.suse.com/LinuxPackages/packageRouter.jsp?product=server&amp;version=11&amp;service_pack=&amp;architecture=i386&amp;package_name=xinetd">https://www.suse.com/LinuxPackages/packageRouter.jsp?product=server&amp;version=11&amp;service_pack=&amp;architecture=i386&amp;package_name=xinetd</a></p> </li> </ul> <h2 id="post-installation-steps-for-ubuntudebian">Post-installation steps for ubuntu/debian</h2> <p>After you install <code>oidentd</code> on your Ubuntu/Debian system, continue with the following steps:</p> <ol> <li> <p>Verify that the Ident server accepts IPv6 connections to prevent authentication failure. To do so, you must enable this capability. In the script <code>/etc/init.d/oidentd</code>, change the line from:</p> <pre tabindex="0"><code>exec=&#34;/usr/sbin/oidentd&#34; </code></pre><p>to</p> <pre tabindex="0"><code>exec=&#34;/usr/sbin/oidentd -a ::&#34; </code></pre><p>Then, at the Linux prompt, start <code>oidentd</code> with <code>-a ::</code>.</p> </li> <li> <p>Restart the server with the following command:</p> <pre tabindex="0"><code>$ /etc/init.d/oidentd restart </code></pre></li> </ol> <h2 id="post-installation-steps-for-red-hat-7xcentos-7x-and-suse-linux-enterprise-server">Post-installation steps for red hat 7.x/CentOS 7.x and SUSE Linux enterprise server</h2> <p>After you install the required packages on your Red Hat 7.x/CentOS 7.x or SUSE Linux Enterprise Server system, continue with the following steps:</p> <ol> <li> <p>Enable the <code>auth</code> service by setting <code>disable = no</code> in the configuration file <code>/etc/xinetd.d/auth</code>. If this file does not exist, create it. The following is a sample configuration file:</p> <pre tabindex="0"><code>service auth { disable = no socket_type = stream wait = no user = ident cps = 4096 10 instances = UNLIMITED server = /usr/sbin/in.authd server_args = -t60 --xerror --os } </code></pre></li> <li> <p>Restart the <code>xinetd</code> service with the following command:</p> <pre tabindex="0"><code>$ service xinetd restart </code></pre></li> </ol> Security-and-Authentication: Configuring ident authentication for database users /en/security-and-authentication/client-authentication/ident-authentication/configuring-ident-authentication-db-users/ Mon, 01 Jan 0001 00:00:00 +0000 /en/security-and-authentication/client-authentication/ident-authentication/configuring-ident-authentication-db-users/ <p>To configure Ident authentication, take the following steps:</p> <ol> <li> <p>Create an authentication method that uses Ident.</p> <p>The Ident server must be installed on the same computer as your database, so specify the keyword LOCAL. Vertica requires that the Ident server and database always be on the same computer as the database.</p> <pre tabindex="0"><code>=&gt; CREATE AUTHENTICATION v_ident METHOD &#39;ident&#39; LOCAL; </code></pre></li> <li> <p>Set the Ident authentication parameters, specifying the system users who should be allowed to connect to your database.</p> <pre tabindex="0"><code>=&gt; ALTER AUTHENTICATION v_ident SET system_users=&#39;<span class="code-variable">user1</span>:<span class="code-variable">user2</span>:<span class="code-variable">user3</span>&#39;; </code></pre></li> <li> <p>Associate the authentication method with the Vertica user. Use a GRANT statement that allows the system user <code>user1</code> to log in using Ident authentication:</p> <pre tabindex="0"><code>=&gt; GRANT AUTHENTICATION v_ident TO <span class="code-variable">user1</span>; </code></pre></li> </ol>