Re: psycopg2 and java gssapi questions

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Mike Feld <m1f7(at)aol(dot)com>
Cc: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: psycopg2 and java gssapi questions
Date: 2017-12-21 10:27:07
Message-ID: CABUevEyzq7ad_+qHVrqQmaf4ABRyOk0ffSEQRnYY7RHaJVn4RQ@mail.gmail.com
Lists: pgsql-general

On Wed, Dec 20, 2017 at 8:42 PM, Mike Feld <m1f7(at)aol(dot)com> wrote:

> Is it possible to authenticate with Postgres from a standalone application
> using gssapi? In other words, I am able to authenticate with Postgres when
> a human has logged in to either Windows or Linux and generated a ticket,
> but is it possible for say a Django site or Java application running on
> some server somewhere to authenticate with Postgres using gssapi? I realize
> that psycopg2 has a connection parameter for “krbsrvname”, but how does it
> generate a ticket? Is this the only alternative to secure authentication
> since Postgres does not support secure ldap (ldaps)?
>

Sure it is.

libpq won't generate the initial ticket, though. The way to do it is to
have your Django or whatever application run "kinit" for the user before it
starts. This will request a TGT, and the ticket will be present in that
user's environment, and will be used by the libpq client. (It might look
slightly different for a Java client, but the principle is the same.)

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
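
The kinit-before-connect step from the reply above, as an added example that is not part of the original message. It assumes MIT Kerberos `kinit` and a keytab for the service account (the message does not say how kinit gets its credentials); the principal, paths, host and database names are hypothetical placeholders.

```python
import os
import stat
import subprocess

def keytab_is_private(path):
    """True only if the keytab is a regular file with no group/other permission bits."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o077) == 0

def kinit_command(principal, keytab, ccache):
    """MIT kinit invocation: -k -t reads the key from a keytab, -c names the cache."""
    return ["kinit", "-k", "-t", keytab, "-c", ccache, principal]

def obtain_tgt(principal, keytab, ccache):
    """Request a TGT non-interactively; return the environment the client should inherit."""
    if not keytab_is_private(keytab):
        # A keytab is a long-term secret: refuse one other local users can read.
        raise PermissionError(f"{keytab} must be a regular file, mode 0600 or stricter")
    env = dict(os.environ, KRB5CCNAME=ccache)
    subprocess.run(kinit_command(principal, keytab, ccache),
                   env=env, check=True, timeout=30)
    return env

def libpq_params(host, dbname, user, krbsrvname="postgres"):
    """Keywords for psycopg2.connect(); no password is supplied with GSSAPI."""
    return {"host": host, "dbname": dbname, "user": user, "krbsrvname": krbsrvname}

if __name__ == "__main__":
    # Hypothetical values: replace with the service account's own.
    ccache = "FILE:/run/djangoapp/krb5cc"   # cache private to this service
    obtain_tgt("djangoapp@EXAMPLE.COM", "/etc/djangoapp/app.keytab", ccache)
    os.environ["KRB5CCNAME"] = ccache       # the GSSAPI library under libpq reads this
    import psycopg2                         # imported late; only needed to connect
    conn = psycopg2.connect(**libpq_params("db.example.com", "appdb", "djangoapp"))
    print(conn.get_dsn_parameters()["user"])
```

A TGT expires, so a long-running service has to call `obtain_tgt` again before the ticket lifetime ends.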
