Search Postgresql Archives

Re: 9.6.9 Default configuration for a default installation but different with-krb-srvnam

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Greetings,

* Jean-Philippe Chenel (jp.chenel@xxxxxxx) wrote:
> You're absolutely right, the mapping work very well.

Great, glad to hear it.

> I've created 2 "service user" on Active Directory (postgres and postgres_dev), and generated the keytab like this:
> 
> ktpass -out postgres_pg1.keytab -princ postgres/PGDOMT1.ad.com@xxxxxx -mapUser AD\postgres -pass 'UserPass1' -mapOp add -crypto ALL -ptype KRB5_NT_PRINCIPAL
> 
> ktpass -out postgres_pg2.keytab -princ postgres/PGDOMT2.ad.com@xxxxxx -mapUser AD\postgres_dev -pass 'UserPass2' -mapOp add -crypto ALL -ptype KRB5_NT_PRINCIPAL

I would strongly suggest you use passwords that are randomly generated
and not sent to a public, archived, mailing list.  If someone knows the
password, they can impersonate the server.

Thanks!

Stephen

Attachment: signature.asc
Description: PGP signature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux