Set Up Pivotal Greenplum Authentication

Create a Pivotal Greenplum record in order to authenticate to a Greenplum database instance running on a Unix host, and scan it for compliance. Unix authentication is required so you'll also need a Unix record for the host running the database.

This record type is only available in accounts with PA or SCA and is only supported for compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PA by record type, please refer to the following article: 

Authentication Technologies Matrix

How do I get started?

- Go to Scans > Authentication.

- Check that you have a Unix record already defined for the host running the database.

- Create a Pivotal Greenplum record for the same host. Go to New > Databases > Pivotal Greenplum.

Tell me about user permissionsTell me about user permissions

Managers can add authentication records.

Unit Managers must be granted these permissions:
- Manage PA module / Manage SCA module
- Create/edit authentication records/vaults

Your record settings

You’ll need to tell us the user account to be used for authentication, the database instance to authenticate to, and the port where the database is installed.

The type of authentication method you use depends on your server settings and how you've configured client authentication.

You can use:

- a password (enter it on the Login Credentials tab or get it from a password vault),

- a client certificate (enter it on the Private Key / Certificate tab),

- a password AND client certificate (enter values on both tabs).

Unix installation

On the Unix tab, tell us the full path to the configuration file (postgresql.conf) on your Unix hosts. The file must be in the same location on all IPs listed in the record. If the file is in a different location for some hosts you must create additional records for those hosts. Unix authentication is also required.

Do you have Tag Support enabled?

If your subscription has Tag Support for Authentication Records enabled, then you'll see additional options for specifying hosts using asset tags. Choose an asset type and then provide IPs or tags to the record. Your asset type options are: IPs/Ranges, IP Range in Tag Rule and Asset Tags.

For domain level authentication, you can only add assets when the domain type is NetBIOS, User-Selected IPs. The Assets section is disabled when the domain type is NetBIOS, Service-Selected IPs, or Active Directory.  

Asset Type: IPs/Ranges
Use this option to add IP addresses/ranges to the record. Enter the IP addresses/ranges in the field provided.

Asset Type: IP Range in Tag Rule
Use this option to add tags that have IP address ranges defined in the tag rule. All IP addresses defined in the tag rule will be associated with the record, including IPs that don’t already have the tag assigned. Click Add Tag to pick tags to include or exclude. Note that only tags with the dynamic tag rule “IP Address in Range(s)” will be available in the tag selector.

Asset Type: Asset Tags
Use this option to add tags to the record for the assets you want included. IP addresses with the selected tags already assigned will be associated with the record. Click Add Tag to pick tags to include or exclude.

Learn more about tag support for authentication records

 

Quick Links

Why use host authentication

Vault Support Matrix

Setup for Pivotal Greenplum (PC) Zip File Icon

 

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: May, 2026