> > Another idea is stop storing hashes altogether
>
> You can already avoid passwords by using kerberos authentication.
Are there any good docs on kerberos with postgres? Unlike almost
everything else in this project, I've found them quite lacking. My
biggest question would be I've got kerberos setup and working well. How
do I get postgres to authorize a user.
For the sake of example, let's say I've got the principle:
johndoe@REALM.COM. Do I need to create a principle
johndoe/postgres@REALM.COM? If so, what is the keytab that I'd create
for the postmaster? postgres/host.example.com@REALM.COM?
Thanks. -sc
--
Sean Chittenden