Thread: Requesting Information for GSSAPI

Requesting Information for GSSAPI

From

Lingesan Jeyapandy

Date:

27 June 2023, 17:51:06

Team,

We have configured postgres GSSAPI setup on Linux server. We have huge domain AD users in our org.

But we are looking to limit access only to setup AD distributed groups. Is there any way to control access only at AD distribution list user can only access gssapi configured postgres environment.

Our postgres version is 15.

Regards,

Lingesan Jeyapandy

Re: Requesting Information for GSSAPI

From

Stephen Frost

Date:

12 July 2023, 21:54:32

Greetings,

* Lingesan Jeyapandy (...) wrote:
> We have configured postgres GSSAPI setup on Linux server.   We have huge domain AD users in our org.
>
> But we are looking to limit access only to setup AD distributed groups. Is there any way to control access only at AD
distributionlist user can only access gssapi configured postgres environment. 
>
> Our postgres version is 15.

To be able to log into the PG server, an account in PG has to exist.  If
it doesn't, then the user won't be able to log in.

There are some options for sync'ing specific AD groups into PG
accounts, eg:

https://github.com/larskanis/pg-ldap-sync

Thanks,

Stephen

Attachment

signature.asc