| From: | Dave Cramer <pg(at)fastcrypt(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Mike Feld <m1f7(at)aol(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: psycopg2 and java gssapi questions |
| Date: | 2017-12-21 11:08:37 |
| Message-ID: | CADK3HHLX17M9Wht+0a-qAU4XdarAkE3gazDgr=k-jVpHXMgn8g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 21 December 2017 at 05:27, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>
>
> On Wed, Dec 20, 2017 at 8:42 PM, Mike Feld <m1f7(at)aol(dot)com> wrote:
>
>> Is it possible to authenticate with Postgres from a standalone
>> application using gssapi? In other words, I am able to authenticate with
>> Postgres when a human has logged in to either Windows or Linux and
>> generated a ticket, but is it possible for say a Django site or Java
>> application running on some server somewhere to authenticate with Postgres
>> using gssapi? I realize that psycopg2 has a connection parameter for
>> “krbsrvname”, but how does it generate a ticket? Is this the only
>> alternative to secure authentication since Postgres does not support secure
>> ldap (ldaps)?
>>
>
> Sure it is.
>
> libpq won't generate the initial ticket, though. The way to do it is to
> have your django or whatever application run "kinit" for the user before it
> starts. This will request a TGT, and the ticket will be present in that
> users environment, and will be used by the libpq client. (it might look
> slightly different for a Java client, but the principle is the same)
>
>
JDBC docs on GSSAPI can be found
https://jdbc.postgresql.org/documentation/head/connect.html
Dave Cramer
davec(at)postgresintl(dot)com
www.postgresintl.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2017-12-21 11:19:13 | Re: psycopg2 and java gssapi questions |
| Previous Message | Hans Schou | 2017-12-21 10:37:05 | Deadlock with one table - PostgreSQL is doing it right |