Set Up PostgreSQL Authentication
Create a PostgreSQL record to authenticate to a PostgreSQL database instance running on a Unix or Windows host and scan it for compliance. Unix or Windows authentication is also required, so you'll need a Unix or Windows record, respectively, for the host running the database.
This record type is only available in accounts with PA or SCA and is only supported for compliance scans.
Which technologies are supported?
For the most current list of supported authentication technologies and the versions that have been certified for VM and PA by record type, please refer to the following article:
Authentication Technologies Matrix
How do I get started?
- Go to Scans > Authentication.
- Check that you have a Unix or Windows record already defined for the host running the database.
- Create a PostgreSQL record for the same host. Go to New > Databases > PostgreSQL.
Tell me about user permissions
Managers can add authentication records.
Unit Managers must be granted these permissions:
- Manage PA module / Manage SCA module
- Create/edit authentication records/vaults
Your record settings
You’ll need to tell us the user account to be used for authentication, the database instance to authenticate to, and the port where the database is installed.
The type of authentication method you use depends on your server settings and how you've configured client authentication.
You can use:
- a password (enter it on the Login Credentials tab or get it from a password vault),
- a client certificate (enter it on the Private Key / Certificate tab),
- a password AND client certificate (enter values on both tabs).
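On the PostgreSQL side, client authentication is configured in pg_hba.conf, and the first rule matching the scanner's connection decides which of the three options applies. The following is an added example, not part of the original page or the product: it reads a constructed pg_hba.conf and reports the credential type a connection would need. The role name `scanner`, the addresses, and the function names are assumptions.

```python
import ipaddress

# Constructed sample pg_hba.conf; addresses are documentation ranges, "scanner" is a made-up role.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER     ADDRESS          METHOD
local    all       all                       peer
hostssl  all       scanner  192.0.2.10/32    scram-sha-256 clientcert=verify-full
hostssl  all       all      192.0.2.0/24     cert
host     all       all      198.51.100.0/24  md5
host     all       all      0.0.0.0/0        reject
"""
PASSWORD_METHODS = {"password", "md5", "scram-sha-256"}

def _listed(field, value):
    """True if a comma-separated pg_hba.conf field is 'all' or names the value."""
    names = field.split(",")
    return "all" in names or value in names

def credentials_needed(hba_text, client_ip, user, database, ssl=True):
    """Return the credential type the first matching TCP rule asks for.

    Simplified: handles CIDR addresses and plain name lists only (no
    hostnames, netmask columns, +role, @file or include directives).
    """
    ip = ipaddress.ip_address(client_ip)
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue  # comments, blanks, Unix-socket ("local") and GSS rules
        conn, dbs, users, address, method, *options = fields
        if (conn == "hostssl" and not ssl) or (conn == "hostnossl" and ssl):
            continue
        if not (_listed(dbs, database) and _listed(users, user)):
            continue
        if address != "all" and ip not in ipaddress.ip_network(address, strict=False):
            continue
        # PostgreSQL stops at the first matching rule, so decide here.
        cert = method == "cert" or any(o.startswith("clientcert=verify-") for o in options)
        password = method in PASSWORD_METHODS
        if password and cert:
            return "password+certificate"  # fill in both tabs
        if password or cert:
            return "password" if password else "certificate"
        return {"trust": "none", "reject": "rejected"}.get(method, method)
    return "no matching rule"
```

A result of `password` corresponds to the Login Credentials tab, `certificate` to the Private Key / Certificate tab, and `password+certificate` to both; `rejected` or `no matching rule` means the scanner's address cannot authenticate until a rule is added for it.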
Unix/Windows
To perform OS-dependent compliance checks, you'll need to tell us where the PostgreSQL configuration file is located on your Unix and/or Windows hosts.
On the Unix tab, tell us the full path to the PostgreSQL configuration file on your Unix hosts. The file must be in the same location for all Unix hosts in your record. If the file is in a different location for some hosts, you must create additional records for those hosts. Unix authentication is also required to perform these checks, so make sure you have a Unix record with the same Unix hosts as this record.
On the Windows tab, tell us the full path to the PostgreSQL configuration file on your Windows hosts. The file must be in the same location for all Windows hosts in your record. If the file is in a different location for some hosts, you must create additional records for those hosts. Windows authentication is also required to perform these checks, so make sure you have a Windows record with the same Windows hosts as this record.
Do you have Tag Support enabled?
If your subscription has Tag Support for Authentication Records enabled, then you'll see additional options for specifying hosts using asset tags. Choose an asset type and then provide IPs or tags to the record. Your asset type options are: IPs/Ranges, IP Range in Tag Rule and Asset Tags.
For domain level authentication, you can only add assets when the domain type is NetBIOS, User-Selected IPs. The Assets section is disabled when the domain type is NetBIOS, Service-Selected IPs, or Active Directory.
Asset Type: IPs/Ranges
Use this option to add IP addresses/ranges to the record. Enter the IP addresses/ranges in the field provided.
Asset Type: IP Range in Tag Rule
Use this option to add tags that have IP address ranges defined in the tag rule. All IP addresses defined in the tag rule will be associated with the record, including IPs that don’t already have the tag assigned. Click Add Tag to pick tags to include or exclude. Note that only tags with the dynamic tag rule “IP Address in Range(s)” will be available in the tag selector.
Asset Type: Asset Tags
Use this option to add tags to the record for the assets you want included. IP addresses with the selected tags already assigned will be associated with the record. Click Add Tag to pick tags to include or exclude.
Learn more about tag support for authentication records