Greetings,
* Jean-Philippe Chenel (jp.chenel@LIVE.CA) wrote:
> You're absolutely right, the mapping work very well.
Great, glad to hear it.
> I've created 2 "service user" on Active Directory (postgres and postgres_dev), and generated the keytab like this:
>
> ktpass -out postgres_pg1.keytab -princ postgres/PGDOMT1.ad.com@AD.COM -mapUser AD\postgres -pass 'UserPass1' -mapOp
add-crypto ALL -ptype KRB5_NT_PRINCIPAL
>
> ktpass -out postgres_pg2.keytab -princ postgres/PGDOMT2.ad.com@AD.COM -mapUser AD\postgres_dev -pass 'UserPass2'
-mapOpadd -crypto ALL -ptype KRB5_NT_PRINCIPAL
I would strongly suggest you use passwords that are randomly generated
and not sent to a public, archived, mailing list. If someone knows the
password, they can impersonate the server.
Thanks!
Stephen