CREATE AUTHENTICATION

The authentication method, one of the following:

• trust: Users can authenticate with a valid username (that is, without a password).

• reject: Rejects the connection attempt.

• hash: Users must provide a valid username and password. For details, see Hash authentication.

• gss: Authorizes clients that connect to Vertica with an MIT Kerberos implementation. The Key Distribution Center (KDC) must support Kerberos 5 using the GSS-API. Non-MIT Kerberos implementations must use the GSS-API. For details, see Kerberos authentication.

• ident: Authenticates the client against a username on an Ident server. For details, see Ident authentication.

• ldap: Authenticates a client and their username and password with an LDAP or Active Directory server. For details, see LDAP authentication.

• tls: Authenticates clients that provide a certificate with a Common Name (CN) that specifies a valid database username. Vertica must be configured for mutual mode TLS to use this method. For details, see TLS authentication

• oauth: Authenticates a client with an access token. For details, see OAuth 2.0 authentication.

For details, see Supported Client Authentication Methods.

The access method the client uses to connect, specified in one of the following ways:

• LOCAL: Matches connection attempts made using local domain sockets.

• HOST [ TLS | NO TLS ] 'host-ip-address': Matches connection attempts made using TCP/IP, where host-ip-address can be an IPv4 or IPv6 address. You can qualify HOST with one of the following options:

  • TLS (default): Match an SSL/TLS-wrapped TCP socket.

  • NO TLS: Match a plain (non-SSL/TLS) socket only.

Whether to enable fallthrough authentication for this record. To disable fallthrough, see ALTER AUTHENTICATION.

Fallthrough cannot be enabled for authentication records that use the following authentication methods:

• gss

• oauth

• reject

• trust