| From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
|---|---|
| To: | "Mike Rylander" <mrylander(at)gmail(dot)com>, "Hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: LDAP Authentication? |
| Date: | 2005-10-11 09:06:43 |
| Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE6C7A8F@algol.sollentuna.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > > > You can do this today using PAM authenication, but this is
> > > not always
> > > > possible. Notably it's never possible on Windows, and there are
> > > > several unix platforms/distros that don't support it
> > > without a lot of
> > > > work.
> > >
> > > Or you port PAM to Windows, and then everybody wins.
> >
> > Well, for one that's going to be a *lot* more work. I'm not
> even sure
> > how many of the concepts would apply to win32, but then I
> don't really
> > know PAM...
> >
>
> Most of the work has already been done:
>
> http://pgina.xpasystems.com/
Eh, no, that one works the other way around, adn doesn't help us at all.
GINA for windows is about the same as PAM is for Unix. Allows pluggable
authentication. But we don't support GINA authentication.
I guess we could support GINA authentication instead of LDAP, which
would add the benefit of supporting windows passwords (withotu single
sign on) for local accounts. But it would also make the hurdle a whole
lot larger for anybody wanting to do ldap auth for postgres -
installilng a GINA changes *all* the authentication on windows. Which
means you could use those accounts to log on to the system, which you
probalby don't want...
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2005-10-11 09:58:58 | Re: slower merge join on sorted data chosen over |
| Previous Message | Martijn van Oosterhout | 2005-10-11 07:28:00 | Scan Direction not part of ScanState? |