Search Postgresql Archives

SSPI Feature Request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

 

SSPI Kerberos\NTLM authentication (Windows environment) currently only authenticates users, however, it does not authenticate a user against an LDAP \ Active Directory group.

This makes administration complex because an administrator would need to add\remove each user to\from an instance or if a user changes role then their permissions would need to be altered.

If you have many instances and many users then this becomes a long process which can be prone to error.

 

Industry best practices would be to define group(s) and assign permissions and roles to these and have SSPI authenticate users against these groups.

The responsibility of granting or altering permissions is at the LDAP \ Active Directory level which is its prime purpose.

This is something that other RDBMS can do and it would make PostgreSQL a far more attractive solution from that perspective.

 

Can you please look at making this possible?

 

This has been raised before (below) but nothing has been progressed further...

https://www.postgresql.org/message-id/20201016160029.GO19056%40tamriel.snowman.net

 

Many thanks.

John.



Disclaimer

***************************************************************************
PRIVATE & CONFIDENTIAL
This email may contain legally privileged, confidential information or copyright material of the sender or a third party. This email and any attachments are intended for the addressee(s) only. If you are not the intended recipient, please contact the sender by reply email and delete this email and any attachments immediately. You must not read, copy, use, distribute or disclose the contents of this email or any attachments without the consent of the sender or the relevant third party. The sender does not accept responsibility for any unauthorised use or reliance on the contents of this email including any attachments. Except as required by law, the sender does not represent or warrant that the integrity of this email has been maintained or that it is free from errors, viruses, interceptions or interference. Any views expressed by the sender in this email and any attachments are those of the individual sender, except where the sender specifically states them to be the views of a relevant third party.
This notice should not be removed from this email.
***************************************************************************

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux