I spent a significant amount of time trying to make Windows users able to authenticate to PostgreSQL using Kerberos. I found that it was only possible if the server was running on Windows. If I ran the server on Linux, only Linux clients were able to authenticate. I asked EnterpriseDB for help, and they confirmed that PostgreSQL on Linux doesn't support Windows clients with Active Directory.
If someone has been able to make it work, I'd love to hear how.On Sat, Mar 7, 2015 at 8:57 AM, Stephen Frost <sfrost@xxxxxxxxxxx> wrote:
Jay,,
* John Scalia (jayknowsunix@xxxxxxxxx) wrote:
> A new federal related project has asked me if PostgreSQL can authenticate a user using Active Directory or LDAP. I've never used either of these and therefore have no real idea.
> Hence, my question. Is there a way to use either of these technologies to authenticate a user?
The short answer is yes. Active Directory uses Kerberos for
authentication, which PostgreSQL supports through the GSS authentication
mechanism.
LDAP authentication is also supported but is strongly discouraged in an
Active Directory environment (by Microsoft) as Kerberos should be used
instead since it's a much more secure solution. LDAP-based
authentication requires sending the password to PG as cleartext.
Thanks!
Stephen