Stephen Frost wrote:
* John McCawley (nospam@xxxxxxxxxxxx) wrote:
(I am working on this project with Derrick.) We have to use the Active
Directory to authenticate not only users from our client-side app (We're
attempting to use PostgreSQL essentially as a proxy authentication
mechanism), but also for connections to the SFTP server, and finally our
web app. Rather than doing three separate binding mechanisms, we wanted
to do the PAM/AD work once, and then have everything else defer to PAM
for authentication.
Ok. That certainly makes sense. Just that I can't help you then :-)
Have you considered using Kerberos to auth against AD instead of trying
to use LDAP binding? If you still want to use PAM then you might check
out libpam-krb5, which from a bit of googling appears to work w/ AD
Kerberos. Of course, an alternative might be to try using the native
Kerberos support in Postgres which I've heard may work w/ the Postgres
ODBC driver...
The native one works very well with the ODBC driver, and should work
with anything based off libpq. Which means anything that's not Java or
.NET, I think.
Personally, I've gotten the Postgres ODBC driver working under windows
with MIT Kerberos and I've gotten Firefox under Windows working w/ MIT
Kerberos and using negotiate with Apache2 to authenticate users of
PhpPgAdmin to Postgres. I'm pretty sure all of this is possible with AD
instead of MIT Kerberos, or possibly even through a cross-realm setup.
It works with AD on the server side, you still need to install MIT
Kerberos on the client.
//Magnus
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
