From: | greigwise(at)comcast(dot)net |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Bryan Montgomery <monty(at)english(dot)net>, pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: GSS Authentication |
Date: | 2010-06-16 15:13:40 |
Message-ID: | 1073922020.4657551276701220068.JavaMail.root@sz0069a.emeryville.ca.mail.comcast.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
OK. So, to get it to use a different encryption type, I'm thinking I'd have to specify that when I create the keytab (and then uncheck the Use DES option on the account setup in Windows). So, when I created my keytab, I used a command like this on the AD side:
ktpass -princ POSTGRES/host(dot)domain(dot)com(at)DOMAIN(dot)COM -crypto DES-CBC-MD5 -mapuser host -pass mypasswd -out postgres.keytab
So for the -crypto option, what would be your recommendation for what I should use and would this require changes on the DB server side?
Thanks again.
Greig
----- Original Message -----
From: "Stephen Frost" <sfrost(at)snowman(dot)net>
To: greigwise(at)comcast(dot)net
Cc: "Bryan Montgomery" <monty(at)english(dot)net>, "pgsql-general" <pgsql-general(at)postgresql(dot)org>
Sent: Wednesday, June 16, 2010 11:05:16 AM GMT -05:00 US/Canada Eastern
Subject: Re: [GENERAL] GSS Authentication
Greig,
* greigwise(at)comcast(dot)net (greigwise(at)comcast(dot)net) wrote:
> I finally got it working. Problem was that on the windows side on the service account within the account options, we needed to check "Use DES encryption types for this account". I had that changed on the AD side and that fixed the whole problem.
Great, glad to hear you got it working. Just to reiterate- you really
should be looking at using a 2008 AD with AES encryption types instead
of DES. DES is depreciated and no longer secure given today's
computers.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2010-06-16 15:32:05 | Re: GSS Authentication |
Previous Message | Joshua Tolley | 2010-06-16 15:10:22 | Re: IMMUTABLE columns in tables? |