Re: HTTP user authentication against PostgreSQL

From: Jeremy Palmer <JPalmer(at)linz(dot)govt(dot)nz>
To: David G Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: HTTP user authentication against PostgreSQL
Date: 2015-01-30 08:31:21
Message-ID: C6B695652D5E6B4597E90C5734C024262551A0F9B0@prdlsmmsg01.ad.linz.govt.nz
Lists: pgsql-general

David G Johnston wrote

> Personally, I would consider having both Apache and PostgreSQL talk to a
> LDAP database if you really need to have a single point of identity
> definition.

The PostgreSQL DB is currently set up with Kerberos for Windows SSO, as well as MD5 password authentication for another pool of other PostgreSQL users who are not part of our Active Directory. LDAP could be used, but then we would have to move the current external users into the AD, and I'm not sure that can happen due to policy reasons.

> Doing what you describe here doesn't seem to me to be a good idea as
> PostgreSQL has no provisions for making its internal catalogs usable in this
> manner - or even at all outside of the libpq protocol - for security
> reasons. The internal user database for a system is seldom made accessible
> for other applications that do not intend to make use of the actual service
> that system is providing.
>
> I'm not apt to have any other useful suggestions but describing why you want
> to do this thing may encourage others to suggest additional alternatives.

Looking at building a JSON RESTful API that connects to the database to perform CRUD operations.

David J.

