Thread: Fedora 13 and yum.pgsqlrpms.org

Fedora 13 and yum.pgsqlrpms.org

From
Jerry LeVan
Date:
Will the repository be updated for Fedora 13 in the
near future :)

I had to disable the repo because yumex croaks when it
cannot find the repository.

Jerry


Re: Fedora 13 and yum.pgsqlrpms.org

From
Devrim GÜNDÜZ
Date:
On Sat, 2010-05-29 at 13:18 -0400, Jerry LeVan wrote:
>
> Will the repository be updated for Fedora 13 in the
> near future :)
>
> I had to disable the repo because yumex croaks when it
> cannot find the repository.

FWIW, I pushed Fedora-13 packages to my repository:

http://yum.pgrpms.org/news-fedora13-packages-released.php
http://yum.pgrpms.org/8.4/fedora/fedora-13-i386/repoview/
http://yum.pgrpms.org/8.4/fedora/fedora-13-x86_64/repoview/

Regards,
--
Devrim GÜNDÜZ
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
PostgreSQL RPM Repository: http://yum.pgrpms.org
Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr
http://www.gunduz.org  Twitter: http://twitter.com/devrimgunduz

Attachment

postgres authentication against Windows Domain

From
u235sentinel
Date:

Is there is a way to connect postgres to authenticate against a windows domain without recompiling and using gssapi.  Ldap perhaps?

Thanks!

Re: postgres authentication against Windows Domain

From
Joshua Tolley
Date:
On Tue, Jun 01, 2010 at 11:56:19AM -0600, u235sentinel wrote:
>    Is there is a way to connect postgres to authenticate against a windows
>    domain without recompiling and using gssapi.  Ldap perhaps?
>
>    Thanks!

This page describes, among other things, LDAP authentication:
http://www.postgresql.org/docs/8.4/interactive/auth-methods.html

You might also refer to this PGCon 2010 talk:
http://www.fosslc.org/drupal/content/secure-postgresql-deployment

--
Joshua Tolley / eggyknap
End Point Corporation
http://www.endpoint.com

Attachment

Re: postgres authentication against Windows Domain

From
Stephen Frost
Date:
* Joshua Tolley (eggyknap@gmail.com) wrote:
> On Tue, Jun 01, 2010 at 11:56:19AM -0600, u235sentinel wrote:
> >    Is there is a way to connect postgres to authenticate against a windows
> >    domain without recompiling and using gssapi.  Ldap perhaps?

I'm still trying to figure out why you wouldn't want to use GSSAPI..
It's a heck of alot better than using LDAP wrt security..

    Stephen

Attachment

Re: postgres authentication against Windows Domain

From
u235sentinel
Date:
On 06/02/2010 08:05 AM, Stephen Frost wrote:
> * Joshua Tolley (eggyknap@gmail.com) wrote:
>
>> On Tue, Jun 01, 2010 at 11:56:19AM -0600, u235sentinel wrote:
>>
> I'm still trying to figure out why you wouldn't want to use GSSAPI..
> It's a heck of alot better than using LDAP wrt security..
>
>     Stephen
>

We would have to rebuild the binaries and we're already heavily using
the database.  I could rebuild it again but it's like the fourth time
I've been asked to add a feature.  I did read that GSSAPI was the way to
go but I'm being told to try using LDAP instead.  I don't have a lot of
experience with either but I'll be able to figure it out I think :-)

Re: postgres authentication against Windows Domain

From
Stephen Frost
Date:
* u235sentinel (u235sentinel@gmail.com) wrote:
> We would have to rebuild the binaries and we're already heavily using
> the database.  I could rebuild it again but it's like the fourth time
> I've been asked to add a feature.  I did read that GSSAPI was the way to
> go but I'm being told to try using LDAP instead.  I don't have a lot of
> experience with either but I'll be able to figure it out I think :-)

Perhaps you should look at how the package managers under Debian or
RedHat build PG and turn on a similar set of options..  They typically
try to turn on everything possible and when they have to make choices
they go with what would be appropriate for most.  That would probably
reduce the amount of rebuilding you need to do..  Or you could just use
packages to begin with and probably would have avoided this entirely. :)

Using LDAP to do pass-thru auth is really horrid when Kerberos is
available, if you ask me.  It's also alot more fragile and will cause
problems when users change their passwords and they have them stored in
things like ODBC settings, etc.  With LDAP auth, users still have to
provide their password to the database server which then turns around
and tries to use the users' credentials to bind to the LDAP directory.
You'll also really want to make sure you're doing SSL for your database
connections and SSL on your LDAP connections.

    Thanks,

        Stephen

Attachment