| From: | Derrick Stensrud <dstensrud(at)worleyco(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Anyone? Best way to authenticate postgres against |
| Date: | 2006-12-19 21:52:02 |
| Message-ID: | 45885F02.9070209@worleyco.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Is anyone successfully using pam_ldap with postgres to authenticate
database users? I've read a million how to docs but I've hit a road block.
Magnus Hagander wrote:
> Stephen Frost wrote:
>
>> * John McCawley (nospam(at)hardgeus(dot)com) wrote:
>>
>>> (I am working on this project with Derrick.) We have to use the Active
>>> Directory to authenticate not only users from our client-side app (We're
>>> attempting to use PostgreSQL essentially as a proxy authentication
>>> mechanism), but also for connections to the SFTP server, and finally our
>>> web app. Rather than doing three separate binding mechanisms, we wanted
>>> to do the PAM/AD work once, and then have everything else defer to PAM
>>> for authentication.
>>>
>
> Ok. That certainly makes sense. Just that I can't help you then :-)
>
>
>
>
>> Have you considered using Kerberos to auth against AD instead of trying
>> to use LDAP binding? If you still want to use PAM then you might check
>> out libpam-krb5, which from a bit of googling appears to work w/ AD
>> Kerberos. Of course, an alternative might be to try using the native
>> Kerberos support in Postgres which I've heard may work w/ the Postgres
>> ODBC driver...
>>
>
> The native one works very well with the ODBC driver, and should work
> with anything based off libpq. Which means anything that's not Java or
> .NET, I think.
>
>
>
>> Personally, I've gotten the Postgres ODBC driver working under windows
>> with MIT Kerberos and I've gotten Firefox under Windows working w/ MIT
>> Kerberos and using negotiate with Apache2 to authenticate users of
>> PhpPgAdmin to Postgres. I'm pretty sure all of this is possible with AD
>> instead of MIT Kerberos, or possibly even through a cross-realm setup.
>>
>
> It works with AD on the server side, you still need to install MIT
> Kerberos on the client.
>
> //Magnus
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2006-12-19 21:54:58 | Re: admin82.sql |
| Previous Message | Alvaro Herrera | 2006-12-19 21:51:39 | Re: Autovacuum Improvements |