Home > mailing lists

Re: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam - Mailing list pgsql-general

From	Stephen Frost
Subject	Re: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam
Date	April 30, 2019 05:21:54
Msg-id	20190430022153.GP6197@tamriel.snowman.net Whole thread Raw
In response to	RE: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam (Jean-Philippe Chenel <jp.chenel@LIVE.CA>)
List	pgsql-general

Tree view

Greetings,

* Jean-Philippe Chenel (jp.chenel@LIVE.CA) wrote:
> You're absolutely right, the mapping work very well.

Great, glad to hear it.

> I've created 2 "service user" on Active Directory (postgres and postgres_dev), and generated the keytab like this:
>
> ktpass -out postgres_pg1.keytab -princ postgres/PGDOMT1.ad.com@AD.COM -mapUser AD\postgres -pass 'UserPass1' -mapOp
add-crypto ALL -ptype KRB5_NT_PRINCIPAL 
>
> ktpass -out postgres_pg2.keytab -princ postgres/PGDOMT2.ad.com@AD.COM -mapUser AD\postgres_dev -pass 'UserPass2'
-mapOpadd -crypto ALL -ptype KRB5_NT_PRINCIPAL 

I would strongly suggest you use passwords that are randomly generated
and not sent to a public, archived, mailing list.  If someone knows the
password, they can impersonate the server.

Thanks!

Stephen

Attachment

signature.asc

pgsql-general by date:

From: Jean-Philippe Chenel
Date: 30 April 2019, 05:19:35
Subject: RE: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam

From: Daulat Ram
Date: 30 April 2019, 06:46:07
Subject: ERROR: operator does not exist: timestamp without time zone +integer

Re: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam - Mailing list pgsql-general

Attachment

Previous

Next