Re: Feature request support MS Entra ID Authentication from On-premises PostreSQL server

From: Trevor Kohlman <rs(dot)trevk(at)gmail(dot)com>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Feature request support MS Entra ID Authentication from On-premises PostreSQL server
Date: 2024-02-13 17:56:40
Message-ID: CA+1dJSriVfLbq5+kkFP3UbXNW30YhdZdOCb_Dcu-ipYNv4KqFQ@mail.gmail.com
Lists: pgsql-hackers

Hi Andrew,
Thank you very much for your email. Additional info:
This is what I have been able to set up for the Azure Flexserver PostgreSQL:
[image: image.png]
And this is what I am trying to do (just drew the bottom two diagrams), so
that we have one way to log in for all users and/or apps.
[image: image.png]
Flexserver PostgreSQL has an MS extension for PostgreSQL that has
the pgaadauth extension, which I think takes care of the login info.

On Sun, Feb 11, 2024 at 4:12 PM <rs(dot)trevk(at)gmail(dot)com> wrote:

> Azure Postgres login authentication:
>
> This is how I do it for the Azure PostgreSQL. I will have to test to see
> if it will log in the same way, as I need to be able to get the token from
> Azure and pass that in as the password for the User/group account in the
> on-prem database.
>
> Thanks for the link.
>
> If anyone else has been able to authenticate on-prem PostgreSQL against
> Microsoft Entra ID and has the steps to do this, that would also be good
> news.
>
> *From:* Andrew Dunstan <andrew(at)dunslane(dot)net>
> *Sent:* Sunday, February 11, 2024 8:02 AM
> *To:* rs(dot)trevk(at)gmail(dot)com; pgsql-hackers(at)lists(dot)postgresql(dot)org
> *Subject:* Re: Feature request support MS Entra ID Authentication from
> On-premises PostreSQL server
>
> On 2024-02-10 Sa 12:26, rs(dot)trevk(at)gmail(dot)com wrote:
>
> Hi all,
>
> Don’t know if I got this to the right group.
>
> Proposal Template For a New Feature
>
> One-line Summary: Feature request: native integration support for Azure
> Microsoft Entra ID authentication from on-premises PostgreSQL server.
>
> Business Use-case: Explain the problem that you are trying to solve with
> the proposal.
>
> Using the new authentication method (Entra ID) vs. the LDAP method for
> on-premises PostgreSQL server databases.
>
> User impact with the change:
>
> Trying to streamline accounts so we only have one place for users and
> accounts, for onboarding and offboarding, and our ecosystem is starting
> to move to Azure, but we still have on-premises PostgreSQL servers.
>
> Our Security groups want us to use new authentication methods and have
> integration into MS Entra ID.
>
> I know that I can log in to Azure PostgreSQL with Azure Entra ID using
> psql.exe and pgAdmin 4, and I have this working for the Azure PostgreSQL
> database.
>
> But I have not found a way to do this with our on-premises PostgreSQL server
> databases.
>
> There may be a method for already doing this but I have not found it, and
> I am very new to PostgreSQL.
>
> What is the difference between this and Active Directory? AD is already
> usable as an authentication mechanism. See for example
> <https://www.crunchydata.com/blog/windows-active-directory-postgresql-gssapi-kerberos-authentication>
>
> cheers
>
> andrew
>
> --
> Andrew Dunstan
> EDB: https://www.enterprisedb.com
