| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Bear Giles <bgiles(at)coyotesong(dot)com> |
| Cc: | "Weingartner, Steven" <SWeingartner(at)semprautilities(dot)com>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: GSSAPI / Kerberos Authentication |
| Date: | 2016-06-06 13:09:09 |
| Message-ID: | 20160606130909.GJ21416@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Bear,
* Bear Giles (bgiles(at)coyotesong(dot)com) wrote:
> The problem is connecting to the server using the JDBC driver. It currently
> uses the connection username and password to log into the KDC and also
> provides the username to the database. That works fine with a simple
> username but gets confused with principal names like above. What I plan to
> add is the ability to specify a keytab instead of the username and password
> for the JDBC driver. I banged my head against the wall for awhile before
> downloading the code and single-stepping through the login process. :-)
Doesn't the JDBC driver have a way to use an existing credential cache
though..? Generally speaking, one uses something like k5start to
initialize (and keep current) a credential cache by using a keytab and
then the daemon (or what-have-you) uses that.
The JDBC driver really shouldn't be accepting the username/password at
all..
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Patrick B | 2016-06-06 23:53:14 | Re: WAL segment NOT FOUND - Postgres 9.2 |
| Previous Message | Dhandapani Shanmugam | 2016-06-05 12:24:37 | Re: user logging info |