Greetings,

* Holger Jakobs (holger@xxxxxxxxxx) wrote:
> SSPI using AD accounts for authentication works only in a complete Windows
> environment. The client and the server machine have to be member of the same
> AD environment, which isn't possible for non-Windows machines. Otherwise,
> there is no trust between the machines.

This isn't accurate- you can certainly have cross-realm trust between Windows and non-Windows realms and you can also have non-Windows systems joined to a Windows realm. On the Windows systems, this uses SSPI, and on the non-Windows systems it uses GSSAPI, but the two are compatible and will work with each other just fine for authentication.

> An automatic creation of PostgreSQL roles from AD accounts has to be done
> outside PostgreSQL, i. e. by a script running regularly.

This is accurate, though there are tools out there to do this for you, such as:

https://github.com/larskanis/pg-ldap-sync

Thanks,

Stephen
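The reconciliation step of the kind of periodic role-sync script discussed in the message above, as an added example that is not part of the original message and is not pg-ldap-sync's code. It assumes the account names have already been read from the directory, and that roles created by the script are tracked through a hypothetical marker group role named `ad_managed`, so hand-made roles are never dropped.

```python
"""Plan the SQL for one run of an AD -> PostgreSQL role sync (illustrative)."""

# Hypothetical marker role: only roles that are members of it are ever dropped.
MANAGED_GROUP = "ad_managed"


def quote_ident(name: str) -> str:
    """Quote a PostgreSQL identifier. Directory names are untrusted input,
    so they must never be pasted into DDL unquoted."""
    if not name or "\x00" in name:
        raise ValueError(f"unusable role name: {name!r}")
    return '"' + name.replace('"', '""') + '"'


def plan_role_sync(ad_accounts, pg_managed_roles):
    """Return the statements that make the managed roles match the directory.

    ad_accounts: account names as read from the directory.
    pg_managed_roles: current members of MANAGED_GROUP in PostgreSQL.
    """
    wanted = {a.strip() for a in ad_accounts if a.strip()}
    present = set(pg_managed_roles)
    group = quote_ident(MANAGED_GROUP)
    statements = []
    # No password is set: authentication is left to GSSAPI/SSPI.
    for name in sorted(wanted - present):
        statements.append(f"CREATE ROLE {quote_ident(name)} LOGIN IN ROLE {group};")
    for name in sorted(present - wanted):
        statements.append(f"DROP ROLE {quote_ident(name)};")
    return statements


if __name__ == "__main__":
    # Constructed sample data, not taken from any real directory.
    directory = ["alice", 'bob"x', " "]
    database = ["alice", "carol"]
    for stmt in plan_role_sync(directory, database):
        print(stmt)
```

`DROP ROLE` fails for a role that still owns objects or holds privileges, so a real run has to reassign or revoke those first.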