RE: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam - Mailing list pgsql-general

Greetings,

* Jean-Philippe Chenel (jp.chenel@LIVE.CA) wrote:
> I've configured the GSSAPI authentication with MS Active Directory and it works very well.

Glad to hear that.

> The problem is that we have a dev and prod environment and each server must be configured with gssapi again the domain controller. The default user is "postgres" and it cannot be bound to both postgresql server at the same time to the same userPrincipalName on the Windows domain controller.

You should be able to just use a different user in AD for each server,
and then map 'postgres/dev.hostname@REALM' to the dev user and
'postgres/prod.hostname@REALM' to the prod user in AD and everything
should work just fine.

> 1. So my question is, how can I compile this version of postgresql (9.6.9) and have the same real things of the default previously installed version, but with the --with-krb-srvnam=POSTGRES_DEV to change the default user name? So one server will have the postgres user and the other one will have postgres_dev user.

You shouldn't need to compile with a different krb srvname (and I
wouldn't recommend that you do).  If you *really* want to have a
different srvname, you don't have to recompile anything if you update
your client and server side configs to match whatever you want the
srvname to be, but, again, you shouldn't need to do that and doing so is
just confusing (particularly building different binaries, since then
some binaries will think 'postgres' is the default srvname and some will
think 'whatever' is, while otherwise being the same...).

> 3. Maybe can we configure things differently, if something else can be done to make this work, I'm open to suggestions.

Create different users in AD for each and then map to them.  You don't
need to have a different srvname.

Thanks,

Stephen