Configuring hash authentication
Follow these steps to configure hash authentication:

- Create an authentication method that is based on hash encryption. When you create an authentication method, it is automatically enabled for use.

  The following example shows how to create an authentication method v_hash for users logging in from the IP address 10.0.0.0/0.

  => CREATE AUTHENTICATION v_hash METHOD 'hash' HOST '10.0.0.0/0';

  If users are trying to connect from an IPv6 address, the statement might look like this example:

  => CREATE AUTHENTICATION v_hash METHOD 'hash' HOST '2001:db8:ab::123/128';
- Specify the following parameters to set the effective security algorithms:

  - At the system level, set the SecurityAlgorithm configuration parameter. This setting applies to all users with NONE (default) for their user-level parameter, SECURITY_ALGORITHM:

    => ALTER DATABASE DEFAULT SET SecurityAlgorithm = 'SHA512';

    If you want users to immediately inherit changes to the system-level parameter, set their passwords to expire the next time they log in. Once they reset their passwords, Vertica hashes them using the current system-level security algorithm.

  - To override the system-level parameter for a particular user, use ALTER USER to set the SECURITY_ALGORITHM parameter to a non-NONE value:

    => ALTER USER username SECURITY_ALGORITHM 'SHA512' IDENTIFIED BY 'newpassword';
- Associate the v_hash authentication method with the desired users or user roles, using a GRANT statement:

  => GRANT AUTHENTICATION v_hash to user1, user2, ...;
For more information on these parameters, see Hash authentication parameters.
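
The steps above run end to end, followed by two checks an administrator would want afterwards. This is an added example, not taken from the Vertica documentation. It assumes a constructed method name (ops_hash), user (alice) and subnet, and that ALTER USER ... PASSWORD EXPIRE and the CLIENT_AUTH and PASSWORD_AUDITOR system tables with the columns shown are available in your Vertica version.

```sql
-- Added example: ops_hash, alice and 10.20.0.0/16 are constructed placeholders.

-- 1. Create a hash authentication method scoped to one client subnet.
--    A /0 prefix, as in HOST '10.0.0.0/0', matches every IPv4 address,
--    so use the narrowest range that covers the intended clients.
CREATE AUTHENTICATION ops_hash METHOD 'hash' HOST '10.20.0.0/16';

-- 2. Set the system-level algorithm. It applies to every user whose
--    user-level SECURITY_ALGORITHM is NONE (the default).
ALTER DATABASE DEFAULT SET SecurityAlgorithm = 'SHA512';

-- 3. A stored hash changes only when the password is reset, so expire the
--    password to force a reset at the next login.
ALTER USER alice PASSWORD EXPIRE;

-- 4. Associate the authentication method with the user.
GRANT AUTHENTICATION ops_hash TO alice;

-- 5. Check that the method is registered, enabled and bound to the
--    intended host range.
SELECT auth_name, auth_method, auth_host_address, is_auth_enabled
FROM client_auth
WHERE auth_name = 'ops_hash';

-- 6. Audit: list users whose stored hash was produced with an algorithm
--    other than the one now in effect for them. These accounts still
--    need a password reset before the new algorithm applies.
SELECT user_name,
       current_security_algorithm,
       effective_security_algorithm
FROM password_auditor
WHERE current_security_algorithm <> effective_security_algorithm
ORDER BY user_name;
```

An empty result from the last query means every listed account already has its password hashed with its effective algorithm.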