Home > mailing lists

Re: Use AD-account as login into Postgres. - Mailing list pgsql-admin

From	Holger Jakobs
Subject	Re: Use AD-account as login into Postgres.
Date	February 9 22:05:23
Msg-id	09c4b7dc-901d-135e-087b-808c489e0d81@jakobs.com Whole thread Raw
In response to	Use AD-account as login into Postgres. (Pär Mattsson <par.x.mattsson@gmail.com>)
Responses	Re: Use AD-account as login into Postgres. Re: Use AD-account as login into Postgres.
List	pgsql-admin

Tree view

Am 09.02.24 um 19:31 schrieb Pär Mattsson:

Hi!
Is it only to config in hba.conf the connection info, to use AD-accounts to login in postgres.
This is a windows/postres intallation 🤦‍♂️✌️

Mvh Pär
+46706069645

Hi,

Short answer: No!

SSPI using AD accounts for authentication works only in a complete Windows environment. The client and the server machine have to be member of the same AD environment, which isn't possible for non-Windows machines. Otherwise, there is no trust between the machines.

An automatic creation of PostgreSQL roles from AD accounts has to be done outside PostgreSQL, i. e. by a script running regularly.

A couple of years ago, I wrote such a script for a customer.

Regards,

Holger

-- 
Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012

Attachment

OpenPGP_signature

pgsql-admin by date:

From: David Barron
Date: 09 February, 22:01:25
Subject: RE: upgrade questions

From: Pär Mattsson
Date: 09 February, 22:31:51
Subject: Re: Use AD-account as login into Postgres.

Re: Use AD-account as login into Postgres. - Mailing list pgsql-admin

Attachment

Previous

Next