App-Sqitch
view release on metacpan - search on metacpan
view release on metacpan or search on metacpan
lib/sqitch-authentication.pod view on Meta::CPAN
=over
=item PostgreSQL
PostgreSQL supports a number of
L<authentication methods|https://www.postgresql.org/docs/current/static/auth-methods.html>,
including the passwordless L<SSL certificate|https://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-CERT>, L<GSSAPI|https://www.postgresql.org/docs/current/static/auth-methods.html#GSSAPI-AUTH>, and, for local connections,
L<peer authentication|https://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-PEER>.
=item MySQL
MySQL supports a number of
L<authentication methods|https://dev.mysql.com/doc/internals/en/authentication-method.html>,
plus L<SSL authentication|https://dev.mysql.com/doc/internals/en/ssl.html>.
=item Oracle
Oracle supports a number of
L<authentication methods|https://docs.oracle.com/cd/B19306_01/network.102/b14266/authmeth.htm#BABCGGEB>,
including
L<SSL authentication|https://docs.oracle.com/cd/B19306_01/network.102/b14266/authmeth.htm#i1009722>,
L<third-party authentication|https://docs.oracle.com/cd/B19306_01/network.102/b14266/authmeth.htm#i1009853>,
and, for local connections,
L<OS authentication|https://docs.oracle.com/cd/B19306_01/network.102/b14266/authmeth.htm#i1007520>.
=item Vertica
Vertica supports a number of
L<authentication methods|https://my.vertica.com/docs/7.1.x/HTML/index.htm#Authoring/AdministratorsGuide/Security/ClientAuth/SupportedClientAuthenticationMethods.htm>
including the passwordless L<TLS authentication|https://my.vertica.com/docs/7.1.x/HTML/index.htm#Authoring/AdministratorsGuide/Security/ClientAuth/ConfiguringTLSAuthentication.htm>,
L<GSS authentication|https://my.vertica.com/docs/7.1.x/HTML/index.htm#Authoring/AdministratorsGuide/Security/ClientAuth/Kerberos/ImplementingKerberosAuthentication.htm>,
and, for local connections,
L<ident authentication|https://my.vertica.com/docs/7.1.x/HTML/index.htm#Authoring/AdministratorsGuide/Security/ClientAuth/ConfiguringIdentAuthentication.htm>.
=item Firebird
Firebird supports passwordless authentication only via
L<trusted authentication|https://www.firebirdsql.org/manual/qsg2-config.html>
for local connections.
=item Exasol
Exasol doesn't seem to support password-less authentication at this time,
though there is support for
L<Authentication using OpenID|https://docs.exasol.com/sql/create_user.htm#Authenti4>.
To use it with Sqitch, include C<AUTHMETHOD=refreshtoken> in the target URI
query string, e.g.,
db:exasol://sys:exasol@localhost:8563/?Driver=Exasol&AUTHMETHOD=refreshtoken
=item Snowflake
Snowflake does not support password-less authentication, but does support
key-pair authentication. Follow
L<the instructions|https://docs.snowflake.com/en/user-guide/snowsql-start.html#using-key-pair-authentication>
to create a key pair, then set the following variables in the F<~/.snowsql/config>
file:
authenticator = SNOWFLAKE_JWT
private_key_path = "path/to/privatekey.p8"
To connect, set the C<$SNOWSQL_PRIVATE_KEY_PASSPHRASE> environment variable to
the passphrase for the private key, and add these parameters to the query part
of your connection URI:
=over
=item * C<authenticator=SNOWFLAKE_JWT>
=item * C<uid=$username>
=item * C<priv_key_file=path/to/privatekey.p8>
=item * C<priv_key_file_pwd=$private_key_password>
=back
For example:
db:snowflake://movera@example.snowflakecomputing.com/flipr?Driver=Snowflake;warehouse=sqitch;authenticator=SNOWFLAKE_JWT;uid=movera;priv_key_file=path/to/privatekey.p8;priv_key_file_pwd=s0up3rs3cre7
=back
=head2 Use a Password File
If you must use password authentication with your database server, you may be
able to use a protected password file. This is file with access limited only
to the current user that the server client library can read in. As such, the
format is specified by the database vendor, and not all database servers offer
the feature. Here's how the database engines supported by Sqitch shake out:
=over
=item PostgreSQL, YugabyteDB, CockroachDB
PostgreSQL, YugabyteDB, and CockroachDB will use a
L<F<.pgpass> file|https://www.postgresql.org/docs/current/static/libpq-pgpass.html> in the
user's home directory to or referenced by the C<$PGPASSFILE> environment
variable. This file must limit access only to the current user (C<0600>) and
contains lines specify authentication rules as follows:
hostname:port:database:username:password
=item MySQL
For MySQL, if the L<MySQL::Config> module is installed, usernames and
passwords can be specified in the
L<F</etc/my.cnf> and F<~/.my.cnf> files|https://dev.mysql.com/doc/refman/5.7/en/password-security-user.html>.
These files must limit access only to the current user (C<0600>). Sqitch will
look for a username and password under the C<[client]> and C<[mysql]>
sections, in that order.
=item Oracle
Oracle supports
L<password file|https://docs.oracle.com/cd/B28359_01/server.111/b28310/dba007.htm#ADMIN10241>
created with the C<ORAPWD> utility to authenticate C<SYSDBA> and C<SYSOPER>
users, but B<Sqitch is unable to take advantage of this functionality.> Neither can
one L<embed a username and password|https://stackoverflow.com/q/7183513/79202>
into a
L<F<tnsnames.ora>|https://docs.oracle.com/cd/B28359_01/network.111/b28317/tnsnames.htm#NETRF007>
file.
=item Vertica
Vertica does not currently support a password file.
=item Firebird
Firebird does not currently support a password file.
=item Exasol
Exasol allows configuring connection profiles for the 'exaplus' client:
view all matches for this distributionview release on metacpan - search on metacpan
( run in 0.841 second using v1.00-cache-2.02-grep-82fe00e-cpan-dad7e4baca0 )