RE: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam

Поиск
Список
Период
Сортировка
От Jean-Philippe Chenel
Тема RE: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam
Дата
Msg-id BYAPR03MB44855E91F30C9CE819D3A54EFD3A0@BYAPR03MB4485.namprd03.prod.outlook.com
обсуждение исходный текст
Ответ на Re: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam  (Stephen Frost <sfrost@snowman.net>)
Ответы Re: 9.6.9 Default configuration for a default installation butdifferent with-krb-srvnam
Список pgsql-general
Дерево обсуждения

Dear Stephen,

You're absolutely right, the mapping work very well.


I've created 2 "service user" on Active Directory (postgres and postgres_dev), and generated the keytab like this:

ktpass -out postgres_pg1.keytab -princ postgres/PGDOMT1.ad.com@AD.COM -mapUser AD\postgres -pass 'UserPass1' -mapOp add -crypto ALL -ptype KRB5_NT_PRINCIPAL

ktpass -out postgres_pg2.keytab -princ postgres/PGDOMT2.ad.com@AD.COM -mapUser AD\postgres_dev -pass 'UserPass2' -mapOp add -crypto ALL -ptype KRB5_NT_PRINCIPAL


Thank you very much for your help.


De : Stephen Frost <sfrost@snowman.net>
Envoyé : 29 avril 2019 13:35
À : Jean-Philippe Chenel
Cc : pgsql-general@lists.postgresql.org
Objet : Re: 9.6.9 Default configuration for a default installation but different with-krb-srvnam
 
Greetings,

* Jean-Philippe Chenel (jp.chenel@LIVE.CA) wrote:
> If I understand, the mapping can be done in the pg_ident.conf file ?

No, you do the mapping in AD.

Look at the '/princ' and '/mapuser' options used in the ktpass command
here:

https://info.crunchydata.com/blog/windows-active-directory-postgresql-gssapi-kerberos-authentication



Thanks,

Stephen

В списке pgsql-general по дате отправления: