| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Ivan Novick <inovick(at)pivotal(dot)io> |
| Cc: | pgadmin-support(at)lists(dot)postgresql(dot)org |
| Subject: | Re: multiple Kerberos Server Principals from 1 instance of pgadmin |
| Date: | 2019-08-16 19:57:30 |
| Message-ID: | 20190816195730.GZ16436@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-support |
Greetings,
* Ivan Novick (inovick(at)pivotal(dot)io) wrote:
> For greenplum database it would be gpadmin instead of postgres
I see... I find that pretty odd- why would you change that? I suppose
it's baked in at this point though, which is unfortunate. If it talks
the PG protocol and is expected to be the only service on a given host,
it really should be 'postgres' imv.
> > PGKRBSRVNAME is typically either 'postgres' or 'POSTGRES', depending on
> > if you are dealing with Active Directory clients or not. I agree that
> > it's theoretically possible that you might need to be able to configure
> > PGKRBSRVNAME on a per-server/cluster basis, but you definitely don't
> > need to be able to do so on a per-database basis and the PGKRBSRVNAME
> > has absolutely nothing to do with the user's username, nor the unix user
> > that the server actually runs as.
> >
> > What, exactly, are you thinking that value would be set to?
> >
> > Can you show what klist -k /path/to/keytab on the PG server returns?
>
> You can see here a sample output that gpadmin is referenced.
> klist -k /var/spool/keytabs/gpadmin
>
> Keytab name: FILE:/var/spool/keytabs/gpadmin
>
> KVNO Timestamp Principal
> ---- -----------------
> --------------------------------------------------------
> 2 04/09/15 06:56:33 gpadmin/srv101(dot)prd21(dot)acme(dot)com(at)is1(dot)acme
> 2 04/09/15 06:56:33 gpadmin/srv101(dot)prd21(dot)acme(dot)com(at)is1(dot)acme
> 2 04/09/15 06:56:33 gpadmin/srv101(dot)prd21(dot)acme(dot)com(at)is1(dot)acme
> 2 04/09/15 06:56:33 gpadmin/srv101(dot)prd21(dot)acme(dot)com(at)is1(dot)acme
Thanks, that helps clarify what you're going for here.
> What would help a lot is when setting up the Server properties in pgadmin4
> if we could add a PGKRBSRVNAME variable so it can be different for each
> server.
>
> Does that make sense?
Yes, having it configurable in the Server properties makes sense.
> If the idea makes sense and is agreed, i could probably find a developer
> that would be interested to help code it up and submit.
I can't speak to how it should be exactly implemented in pgAdmin, but I
would think having it configurable as a Server property and then passed
into the connection string as a parameter would make the most sense.
Going the environment variable route seems like it would be odd to me,
but I don't hack pgAdmin much. :)
Great!
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Charalampos Fanoulis | 2019-08-17 08:38:59 | Cannot log in to pgadmin interface with Docker |
| Previous Message | Ivan Novick | 2019-08-16 19:52:19 | Re: multiple Kerberos Server Principals from 1 instance of pgadmin |