Re: Use AD-account as login into Postgres.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



We prefer that you don't top-post on the PG mailing lists, thanks.

* Gabriel Guillem Barceló Soteras (gbarcelo@xxxxxxxxxxxxxx) wrote:
> Still, in Windows environments, PostgreSQL uses a separated keytab in filesystem.
> This is *nix-fashioned way to give an identity to the process.
> Windows native way would be service with MSA/gMSA identoty configured (or computter account i.e. NETWORK SERVICE) , but I think that is not possible...

There's a detailed explanation of how to do this here:

> pg_hba.conf
> hostgssenc all pg_user@dom.internal<mailto:pg_user@dom.internal> gss include_realm=1 krb_realm=DOM.INTERNAL
> Then, on postgres.conf (*NIX or Windows)

This might be what is tripping you up- we don't yet support
GSSAPI/Kerberos encrypted connections when using SSPI (which is what
you're using on Windows).  I hope to propose a patch to implement that
but it's not yet in PG.

Try instead:

host all all gss include_realm=1 krb_realm=DOM.INTERNAL

> Note that I have not touched pg_ident.conf, and created a login instead...

Yes, you'll need to create the user in PostgreSQL.



Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Postgresql Home]     [Postgresql General]     [Postgresql Performance]     [Postgresql PHP]     [Postgresql Jobs]     [PHP Users]     [PHP Databases]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Forum]

  Powered by Linux