Re: GSSAPI / Kerberos Authentication - Mailing list pgsql-admin

From Stephen Frost
Subject Re: GSSAPI / Kerberos Authentication
Date
Msg-id 20160606130909.GJ21416@tamriel.snowman.net
Whole thread Raw
In response to Re: GSSAPI / Kerberos Authentication  (Bear Giles <bgiles@coyotesong.com>)
List pgsql-admin
Bear,

* Bear Giles (bgiles@coyotesong.com) wrote:
> The problem is connecting to the server using the JDBC driver. It currently
> uses the connection username and password to log into the KDC and also
> provides the username to the database. That works fine with a simple
> username but gets confused with principal names like above. What I plan to
> add is the ability to specify a keytab instead of the username and password
> for the JDBC driver. I banged my head against the wall for awhile before
> downloading the code and single-stepping through the login process. :-)

Doesn't the JDBC driver have a way to use an existing credential cache
though..?  Generally speaking, one uses something like k5start to
initialize (and keep current) a credential cache by using a keytab and
then the daemon (or what-have-you) uses that.

The JDBC driver really shouldn't be accepting the username/password at
all..

Thanks!

Stephen

Attachment

pgsql-admin by date:

Previous
From: Dhandapani Shanmugam
Date:
Subject: Re: user logging info
Next
From: Patrick B
Date:
Subject: Re: WAL segment NOT FOUND - Postgres 9.2