| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Jean-Philippe Chenel <jp(dot)chenel(at)LIVE(dot)CA> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: 9.6.9 Default configuration for a default installation but different with-krb-srvnam |
| Date: | 2019-04-30 02:21:54 |
| Message-ID: | 20190430022153.GP6197@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Greetings,
* Jean-Philippe Chenel (jp(dot)chenel(at)LIVE(dot)CA) wrote:
> You're absolutely right, the mapping work very well.
Great, glad to hear it.
> I've created 2 "service user" on Active Directory (postgres and postgres_dev), and generated the keytab like this:
>
> ktpass -out postgres_pg1.keytab -princ postgres/PGDOMT1(dot)ad(dot)com(at)AD(dot)COM -mapUser AD\postgres -pass 'UserPass1' -mapOp add -crypto ALL -ptype KRB5_NT_PRINCIPAL
>
> ktpass -out postgres_pg2.keytab -princ postgres/PGDOMT2(dot)ad(dot)com(at)AD(dot)COM -mapUser AD\postgres_dev -pass 'UserPass2' -mapOp add -crypto ALL -ptype KRB5_NT_PRINCIPAL
I would strongly suggest you use passwords that are randomly generated
and not sent to a public, archived, mailing list. If someone knows the
password, they can impersonate the server.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daulat Ram | 2019-04-30 03:46:07 | ERROR: operator does not exist: timestamp without time zone + integer |
| Previous Message | Jean-Philippe Chenel | 2019-04-30 02:19:35 | RE: 9.6.9 Default configuration for a default installation but different with-krb-srvnam |