Thread: LDAP, single sign on from Windows client
Hi
I have a Linux server which is setup with authentication via LDAP against a Windows A/D. In pg_hba I have
host ... ldap ldapserver=example.org ldapprefix="" ldapsuffix="@example.org"
The user is also created in PostgreSQL but without a password.
I can then login with psql from a Windows client with a user defined in the AD.
But the problem is that psql asks for a password.
Is it possible to make a single sign-on without the password prompt?
The Linux (Ubuntu) has been joined to the domain with "realm" but it doesn't seem to change anything.
best regards
Hans Schou
Greetings,

* chlor (hans.schou@gmail.com) wrote:
> I have a Linux server which is setup with authentication via LDAP against a
> Windows A/D. In pg_hba I have
> host ... ldap ldapserver=example.org ldapprefix="" ldapsuffix="@example.org"
>
> The user is also created in PostgreSQL but without a password.
> I can then login with psql from a Windows client with a user defined in the
> AD.
>
> But the problem is that psql asks for a password.
> Is it possible to make a single sign-on without the password prompt?

Yes, use GSSAPI based authentication instead of LDAP. Using GSSAPI is also
more secure and avoids sending the user's password to the PG server.

PG Docs: https://www.postgresql.org/docs/current/gssapi-auth.html

Blog I wrote about setting it up: https://blog.crunchydata.com/blog/windows-active-directory-postgresql-gssapi-kerberos-authentication

Thanks,

Stephen
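An added example, not part of either message in the thread: a small audit that reads pg_hba.conf records and reports the ones whose method has the client send its password to the PostgreSQL server (as the `ldap` line above does), together with whether the record requires TLS. The sample file, its addresses and the `EXAMPLE.ORG` realm are constructed, and `shlex` only approximates pg_hba quoting rules.

```python
import shlex

# Methods where the client hands its password to the PostgreSQL server,
# which checks it or forwards it (for ldap: a bind against the directory).
PASSWORD_TO_SERVER = {"password", "ldap", "pam", "radius"}
METHODS = PASSWORD_TO_SERVER | {"trust", "reject", "scram-sha-256", "md5", "gss",
                                "sspi", "ident", "peer", "cert", "bsd"}

def parse_hba_line(line):
    """Parse one pg_hba.conf record; return None for blank or comment lines."""
    tokens = shlex.split(line, comments=True)  # approximates pg_hba quoting
    if not tokens:
        return None
    idx = 3 if tokens[0] == "local" else 4     # position of the auth method
    if idx + 1 < len(tokens) and tokens[idx] not in METHODS:
        idx += 1  # address given as separate IP and netmask fields
    if len(tokens) <= idx:
        return None  # not an auth record (e.g. an include directive)
    options = dict(opt.partition("=")[::2] for opt in tokens[idx + 1:])
    return {"type": tokens[0], "method": tokens[idx], "options": options}

def audit(hba_text):
    """Return (line_no, method, transport) for records that take the password."""
    findings = []
    for line_no, line in enumerate(hba_text.splitlines(), 1):
        rec = parse_hba_line(line)
        if rec and rec["method"] in PASSWORD_TO_SERVER:
            if rec["type"] == "local":
                transport = "unix-socket"
            elif rec["type"] == "hostssl":
                transport = "tls-required"
            else:  # plain "host" also matches connections without TLS
                transport = "tls-not-required"
            findings.append((line_no, rec["method"], transport))
    return findings

SAMPLE = '''\
# constructed sample, not a real configuration
local   all all            peer
host    all all 10.0.0.0/8 ldap ldapserver=example.org ldapprefix="" ldapsuffix="@example.org"
hostssl all all 10.0.0.0/8 ldap ldapserver=example.org ldapprefix="" ldapsuffix="@example.org"
host    all all 10.0.0.0 255.0.0.0 password
host    all all 10.0.0.0/8 gss include_realm=0 krb_realm=EXAMPLE.ORG
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The `gss` record is not reported: with GSSAPI the client presents a Kerberos ticket, so no password reaches the server.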