Re: authenticating using Active Directory? - Mailing list pgsql-admin

From Jeffrey Shaw
Subject Re: authenticating using Active Directory?
Date
Msg-id CAJYh909Xd0dAjG6Rww_5GPH2RdtQWuBJTmtFLEtvxRHVRP3PLQ@mail.gmail.com
Whole thread Raw
In response to Re: authenticating using Active Directory?  (Stephen Frost <sfrost@snowman.net>)
Responses Re: authenticating using Active Directory?
List pgsql-admin
I spent a significant amount of time trying to make Windows users able to authenticate to PostgreSQL using Kerberos. I found that it was only possible if the server was running on Windows. If I ran the server on Linux, only Linux clients were able to authenticate. I asked EnterpriseDB for help, and they confirmed that PostgreSQL on Linux doesn't support Windows clients with Active Directory.

If someone has been able to make it work, I'd love to hear how.

Jeff

On Sat, Mar 7, 2015 at 8:57 AM, Stephen Frost <sfrost@snowman.net> wrote:
Jay,,

* John Scalia (jayknowsunix@gmail.com) wrote:
> A new federal related project has asked me if PostgreSQL can authenticate a user using Active Directory or LDAP. I've never used either of these and therefore have no real idea.
> Hence, my question. Is there a way to use either of these technologies to authenticate a user?

The short answer is yes.  Active Directory uses Kerberos for
authentication, which PostgreSQL supports through the GSS authentication
mechanism.

LDAP authentication is also supported but is strongly discouraged in an
Active Directory environment (by Microsoft) as Kerberos should be used
instead since it's a much more secure solution.  LDAP-based
authentication requires sending the password to PG as cleartext.

        Thanks!

                Stephen

pgsql-admin by date:

Previous
From: Stephen Frost
Date:
Subject: Re: authenticating using Active Directory?
Next
From: Stephen Frost
Date:
Subject: Re: authenticating using Active Directory?