Hiding database usernames
If you want to keep certain database usernames a secret from connecting clients and your authentication records do not use Fallthrough authentication, then these two user groups must share the same single authentication method (not necessarily the same authentication record):
-
Users whose usernames must be kept secret.
-
Users with the PUBLIC role.
If your authentication records use fallthrough, then ensure that the first authentication method that prompts for a password in the authentication chain is the same for both the secret users and the PUBLIC role. The following methods prompt for a password:
A simple way to satisfy this condition is by duplicating the fallthrough chain for both groups with the same methods. For example, a valid authentication chain would be tls
> ldap
for both the secret users and the PUBLIC role.
Another valid configuration would be tls
> ldap
> hash
for secret users, and ldap
for the PUBLIC role.