Re: multiple Kerberos Server Principals from 1 instance of pgadmin - Mailing list pgadmin-support

From Stephen Frost
Subject Re: multiple Kerberos Server Principals from 1 instance of pgadmin
Date
Msg-id 20190816195730.GZ16436@tamriel.snowman.net
In response to Re: multiple Kerberos Server Principals from 1 instance of pgadmin  (Ivan Novick <inovick@pivotal.io>)
List pgadmin-support
Greetings,

* Ivan Novick (inovick@pivotal.io) wrote:
> For Greenplum database it would be gpadmin instead of postgres

I see...  I find that pretty odd- why would you change that?  I suppose
it's baked in at this point though, which is unfortunate.  If it talks
the PG protocol and is expected to be the only service on a given host,
it really should be 'postgres' imv.

> > PGKRBSRVNAME is typically either 'postgres' or 'POSTGRES', depending on
> > if you are dealing with Active Directory clients or not.  I agree that
> > it's theoretically possible that you might need to be able to configure
> > PGKRBSRVNAME on a per-server/cluster basis, but you definitely don't
> > need to be able to do so on a per-database basis and the PGKRBSRVNAME
> > has absolutely nothing to do with the user's username, nor the unix user
> > that the server actually runs as.
> >
> > What, exactly, are you thinking that value would be set to?
> >
> > Can you show what klist -k /path/to/keytab on the PG server returns?
>
> You can see here a sample output that gpadmin is referenced.
> klist -k /var/spool/keytabs/gpadmin
>
> Keytab name: FILE:/var/spool/keytabs/gpadmin
>
> KVNO Timestamp         Principal
> ---- ----------------- --------------------------------------------------------
>    2 04/09/15 06:56:33 gpadmin/srv101.prd21.acme.com@is1.acme
>    2 04/09/15 06:56:33 gpadmin/srv101.prd21.acme.com@is1.acme
>    2 04/09/15 06:56:33 gpadmin/srv101.prd21.acme.com@is1.acme
>    2 04/09/15 06:56:33 gpadmin/srv101.prd21.acme.com@is1.acme

Thanks, that helps clarify what you're going for here.

> What would help a lot is when setting up the Server properties in pgadmin4
> if we could add a PGKRBSRVNAME variable so it can be different for each
> server.
>
> Does that make sense?

Yes, having it configurable in the Server properties makes sense.

> If the idea makes sense and is agreed, I could probably find a developer
> that would be interested to help code it up and submit.

I can't speak to how it should be exactly implemented in pgAdmin, but I
would think having it configurable as a Server property and then passed
into the connection string as a parameter would make the most sense.
Going the environment variable route seems like it would be odd to me,
but I don't hack pgAdmin much. :)

Great!

Thanks,

Stephen
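
The approach discussed in this message, a per-server Kerberos service name passed in the connection string, as an added example that is not part of the original message and not pgAdmin code. It uses libpq's krbsrvname connection parameter and checks the configured value against klist -k output; the server definitions and function names are assumptions.

```python
# klist -k output as quoted in the thread (duplicate entries trimmed).
KLIST_SAMPLE = """\
Keytab name: FILE:/var/spool/keytabs/gpadmin

KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 04/09/15 06:56:33 gpadmin/srv101.prd21.acme.com@is1.acme
   2 04/09/15 06:56:33 gpadmin/srv101.prd21.acme.com@is1.acme
"""

# Constructed server definitions; dbname, user and the second host are made up.
SERVERS = [
    {"host": "srv101.prd21.acme.com", "dbname": "analytics", "user": "alice",
     "krbsrvname": "gpadmin"},
    {"host": "pg01.example.com", "dbname": "app", "user": "alice"},
]

def keytab_services(klist_output):
    """Map hostname -> set of service names found in `klist -k` text."""
    services = {}
    for line in klist_output.splitlines():
        fields = line.split()
        # Entry lines start with a numeric KVNO and end with the principal.
        if len(fields) < 2 or not fields[0].isdigit():
            continue
        name, _, _realm = fields[-1].rpartition("@")
        service, sep, host = name.partition("/")
        if sep and service and host:
            services.setdefault(host.lower(), set()).add(service)
    return services

def quote_conninfo(value):
    """Quote a value for a libpq keyword/value connection string."""
    return "'" + str(value).replace("\\", "\\\\").replace("'", "\\'") + "'"

def build_conninfo(server):
    """Per-server connection string; krbsrvname falls back to libpq's default."""
    keys = ("host", "port", "dbname", "user", "krbsrvname")
    merged = {"port": 5432, "krbsrvname": "postgres", **server}
    return " ".join(f"{k}={quote_conninfo(merged[k])}" for k in keys)

def check_server(server, klist_output):
    """True if the keytab holds <krbsrvname>/<host> for this server."""
    wanted = server.get("krbsrvname", "postgres")
    known = keytab_services(klist_output)
    return wanted in known.get(server["host"].lower(), set())
```

A mismatch reported by check_server means the client would request a ticket for a service principal the server's keytab does not hold, so GSSAPI authentication would fail for that server.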
