On Sat, Sep 29, 2001 at 07:05:19PM -0700, Sean Chittenden wrote:
> For the sake of example, let's say I've got the principle:
> johndoe@REALM.COM. Do I need to create a principle
> johndoe/postgres@REALM.COM? If so, what is the keytab that I'd create
> for the postmaster? postgres/host.example.com@REALM.COM?
You're right about the keytab -- the postmaster needs a key for
"postgres/hostname@REALM" in the keytab file (which it needs to be able
to read -- I often forget that) in order to use Kerberos for
authentication.
Authorization is still handled the same way it would be if you were
using password authentication (i.e., you need to grant privileges to
particular users for particular databases and tables, in your example,
for a user named "johndoe").
HTH,
Nalin
