| From: | Holger Jakobs <holger(at)jakobs(dot)com> |
|---|---|
| To: | pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Use AD-account as login into Postgres. |
| Date: | 2024-02-09 19:05:23 |
| Message-ID: | 09c4b7dc-901d-135e-087b-808c489e0d81@jakobs.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Am 09.02.24 um 19:31 schrieb Pär Mattsson:
> Hi!
> Is it only to config in hba.conf the connection info, to use
> AD-accounts to login in postgres.
> This is a windows/postres intallation 🤦♂️✌️
>
> Mvh Pär
> +46706069645
Hi,
Short answer: No!
SSPI using AD accounts for authentication works only in a complete
Windows environment. The client and the server machine have to be member
of the same AD environment, which isn't possible for non-Windows
machines. Otherwise, there is no trust between the machines.
An automatic creation of PostgreSQL roles from AD accounts has to be
done outside PostgreSQL, i. e. by a script running regularly.
A couple of years ago, I wrote such a script for a customer.
Regards,
Holger
--
Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pär Mattsson | 2024-02-09 19:31:51 | Re: Use AD-account as login into Postgres. |
| Previous Message | David Barron | 2024-02-09 19:01:25 | RE: upgrade questions |