Re: krb5-pkinit

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Poul Kristensen <bcc5226(at)gmail(dot)com>
Cc: pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: krb5-pkinit
Date: 2016-09-19 14:49:14
Message-ID: CABUevEziVNG-w0BKMmeqB4h6UuFSHRyQaTO75r7h1hzVp4q52g@mail.gmail.com
Lists: pgsql-admin

On Mon, Sep 19, 2016 at 5:48 AM, Poul Kristensen <bcc5226(at)gmail(dot)com> wrote:

> Hi !
>
> It seems that the only way to authenticate against a kdc server is having
> preconfigured --with-krb_realm during building PostgreSQL 9.5 from source,
> which seems to mean that the Kerberos may is not in the RPM packages.
> How can I list if --with-krb_realm is already compiled into the PG
> packages?
> sssd.conf is used instead of krb5.conf but the "kerberos" way of
> authentication method is needed.
>

It's --with-gssapi that controls the inclusion of Kerberos support (the old
pure krb5 support is no longer included, as it's been obsoleted by the
gssapi support). The realm parameter only controls the default realm, and
you can override that with configuration files and connection strings.

You can check if it was included by checking the output of "pg_config
--configure". But if you are using any of the community RPM packages off
yum.postgresql.org, it is included.

However, you will need to set up the Kerberos configuration using
krb5.conf, as PostgreSQL uses the standard gssapi/krb libraries and does
not have specific support for sssd. sssd is a completely separate thing
from the basic Kerberos support.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
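
Added example, not part of the message above: a shell sketch of the two checks the reply describes, namely whether the build was configured with --with-gssapi and whether a krb5.conf is readable. The function names and the sample configure string are constructed for illustration; the $KRB5_CONFIG handling assumes MIT krb5.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PostgreSQL build for GSSAPI support.

# has_configure_flag FLAG CONFIGURE_STRING
# "pg_config --configure" prints the build options as single-quoted words on
# one line. Split on the quotes and compare whole words, so that text inside
# another option's value (a path, CFLAGS) is never counted as the flag.
has_configure_flag() {
    printf '%s\n' "$2" | tr "'" '\n' | grep -Fxq -e "$1"
}

# find_krb5_conf [DEFAULT]
# Print the first readable Kerberos config file. MIT krb5 reads the
# colon-separated files in $KRB5_CONFIG, otherwise /etc/krb5.conf.
find_krb5_conf() {
    _list=${KRB5_CONFIG:-${1:-/etc/krb5.conf}}
    _ifs=$IFS; IFS=:
    for _f in $_list; do
        if [ -r "$_f" ]; then IFS=$_ifs; printf '%s\n' "$_f"; return 0; fi
    done
    IFS=$_ifs
    return 1
}

# check_build CONFIGURE_STRING [DEFAULT_KRB5_CONF]
# Report both prerequisites from the reply; return 0 only if both hold.
check_build() {
    _rc=0
    if has_configure_flag --with-gssapi "$1"; then
        echo "gssapi: compiled in"
    else
        echo "gssapi: NOT compiled in"; _rc=1
    fi
    if _conf=$(find_krb5_conf "${2:-}"); then
        echo "krb5.conf: $_conf"
    else
        echo "krb5.conf: none readable (sssd.conf is not consulted)"; _rc=1
    fi
    return "$_rc"
}

# Constructed sample output, for hosts without PostgreSQL installed.
SAMPLE_CONFIGURE="'--prefix=/usr/pgsql-9.5' '--with-openssl' '--with-gssapi' 'CFLAGS=-O2 -g'"

if command -v pg_config >/dev/null 2>&1; then
    check_build "$(pg_config --configure)" || echo "result: not ready for gss authentication"
else
    check_build "$SAMPLE_CONFIGURE" || echo "result: not ready (sample data)"
fi
```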

In response to

  • krb5-pkinit at 2016-09-19 10:48:55 from Poul Kristensen
