| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Pierre Ochsenbein <pierreochsenbein(at)gmail(dot)com> |
| Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: PostgreSQL LDAP \ Kerberos |
| Date: | 2019-07-12 12:18:48 |
| Message-ID: | 20190712121848.GC29202@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Greetings,
* Pierre Ochsenbein (pierreochsenbein(at)gmail(dot)com) wrote:
> Somebody can give me Feedback about PostgreSQL Authentication with LDAP and
> Kerberos.
You should use Kerberos for authentication, using LDAP isn't a good idea
because the PG server will see the user's password.
> Actually I use LDAP authentication and I would like to test automatically
> authentication with Kerberos...
>
> It's easy to implement and works fine, no bugs in perspective?
Yes, it works fine, just generate a keytab and copy it to somewhere that
the PG server can see it. If you're in an active directory environment
then this requires a bit more than just an addprinc/ktadd, there's a
blog post I wrote about doing it here:
https://info.crunchydata.com/blog/windows-active-directory-postgresql-gssapi-kerberos-authentication
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua Kramer | 2019-07-14 02:54:38 | Citus Maintenance Worker & template1 database |
| Previous Message | Pierre Ochsenbein | 2019-07-12 09:11:20 | PostgreSQL LDAP \ Kerberos |