Greetings, * chlor (hans.schou@xxxxxxxxx) wrote: > I have a Linux server which is setup with authentication via LDAP against a > Windows A/D. In pg_hba I have > host ... ldap ldapserver=example.org ldapprefix="" ldapsuffix="@example.org" > > The user is also created in PostgreSQL but without a password. > I can then login with psql from a Windows client with a user defined in the > AD. > > But the problem is that psql asks for a password. > Is it possible to make a single sign-on without the password prompt? Yes, use GSSAPI based authentication instead of LDAP. Using GSSAPI is also more secure and avoids sending the user's password to the PG server. PG Docs: https://www.postgresql.org/docs/current/gssapi-auth.html Blog I wrote about setting it up: https://blog.crunchydata.com/blog/windows-active-directory-postgresql-gssapi-kerberos-authentication Thanks, Stephen
Attachment:
signature.asc
Description: PGP signature
