Re: Feature request support MS Entra ID Authentication from On-premises PostreSQL server

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: rs(dot)trevk(at)gmail(dot)com, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Feature request support MS Entra ID Authentication from On-premises PostreSQL server
Date: 2024-02-11 15:01:51
Message-ID: f331f33c-b897-5436-c667-e50b3e53244f@dunslane.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


On 2024-02-10 Sa 12:26, rs(dot)trevk(at)gmail(dot)com wrote:
>
> Hi all,
>
> Don’t know if I got this to the right group.
>
> Proposal Template For a New Feature
>
> One-line Summary:  Feature request Natively integration support Azure
> Microsoft Entra ID for authentication from On-premises PostreSQL server.
>
> Business Use-case: Explain the problem that you are trying to solve
> with the proposal.
>
> Using new Authentciation method (entra ID) vs Ldap method for
> On-Premises PostgreSQL server databases.
>
> User impact with the change:
>
> Trying to stream line accounts so we only have one place for Users and
> accounts, for onboarding
>
> and offboarding and our Echo system is starting to move to Azure, but
> we still have On-premises PostgresSQL servers.
>
> Our Security groups want us to use new Authentication methods and have
> integration into MS Entra ID.
>
> I know that I can from the Azure PostgreSQL log in with Azure Entra ID
> with psql.exe and pgAdmin 4 and have this working for the Azure
> PostgreSQl database.
>
> But have not found a way to do this with our On-premises PostgreSQL
> server databases.
>
> There may be a method for  already doing this but I have not found it,
> and I am very new to PostgreSQL.
>

What is the difference between this and ActiveDirectory? AD is already
usable as an authentication mechanism. See for example
<https://www.crunchydata.com/blog/windows-active-directory-postgresql-gssapi-kerberos-authentication>

cheers

andrew

--
Andrew Dunstan
EDB:https://www.enterprisedb.com

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2024-02-11 16:34:11 Re: Collation version tracking for macOS
Previous Message Mats Kindahl 2024-02-11 14:44:42 Re: glibc qsort() vulnerability