Hi all
I've implemented PgJDBC SSPI support for Windows clients for a customer
and would like to merge it into PgJDBC.
I now have a PgJDBC patch that permits passwordless, secure
single-sign-on from a JVM running on a Windows client to a PostgreSQL
server running on a Windows server that has domain-trust for the client.
Under the hood Windows does it with Kerberos (for networked domain
authentication) or NTLM (for loopback on standalone hosts) but we don't
have to care. We just broker the SSPI messaging between client and
server until the servers confirms successful authentication.
I've written it up a bit in https://github.com/pgjdbc/pgjdbc/issues/202 .
There's some cleanup work to do before merging though, and I'd
appreciate a few comments. I've added details to the github issue,
mainly around dependency fetching/management and backward compatibility.
Your input would be welcomed.
--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services