From: | Jeffrey Shaw <shawjef3(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | John Scalia <jayknowsunix(at)gmail(dot)com>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: authenticating using Active Directory? |
Date: | 2015-03-07 14:25:33 |
Message-ID: | CAJYh909Xd0dAjG6Rww_5GPH2RdtQWuBJTmtFLEtvxRHVRP3PLQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
I spent a significant amount of time trying to make Windows users able to
authenticate to PostgreSQL using Kerberos. I found that it was only
possible if the server was running on Windows. If I ran the server on
Linux, only Linux clients were able to authenticate. I asked EnterpriseDB
for help, and they confirmed that PostgreSQL on Linux doesn't support
Windows clients with Active Directory.
If someone has been able to make it work, I'd love to hear how.
Jeff
On Sat, Mar 7, 2015 at 8:57 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> Jay,,
>
> * John Scalia (jayknowsunix(at)gmail(dot)com) wrote:
> > A new federal related project has asked me if PostgreSQL can
> authenticate a user using Active Directory or LDAP. I've never used either
> of these and therefore have no real idea.
> > Hence, my question. Is there a way to use either of these technologies
> to authenticate a user?
>
> The short answer is yes. Active Directory uses Kerberos for
> authentication, which PostgreSQL supports through the GSS authentication
> mechanism.
>
> LDAP authentication is also supported but is strongly discouraged in an
> Active Directory environment (by Microsoft) as Kerberos should be used
> instead since it's a much more secure solution. LDAP-based
> authentication requires sending the password to PG as cleartext.
>
> Thanks!
>
> Stephen
>
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2015-03-07 14:40:28 | Re: authenticating using Active Directory? |
Previous Message | Stephen Frost | 2015-03-07 13:57:29 | Re: authenticating using Active Directory? |