Jay,,
* John Scalia (jayknowsunix@gmail.com) wrote:
> A new federal related project has asked me if PostgreSQL can authenticate a user using Active Directory or LDAP. I've
neverused either of these and therefore have no real idea.
> Hence, my question. Is there a way to use either of these technologies to authenticate a user?
The short answer is yes. Active Directory uses Kerberos for
authentication, which PostgreSQL supports through the GSS authentication
mechanism.
LDAP authentication is also supported but is strongly discouraged in an
Active Directory environment (by Microsoft) as Kerberos should be used
instead since it's a much more secure solution. LDAP-based
authentication requires sending the password to PG as cleartext.
Thanks!
Stephen