Marcus' guide looks great.
So what's the pros/cons of using the Kerberos via GSSAPI method, rather than going for the SingleSignOn method
mentionedby Sunday?
________________________________________
From: SUNDAY A. OLUTAYO [olutayo@sadeeb.com]
Sent: Saturday, 25 August 2012 12:00 a.m.
To: Craig Ringer
Cc: Jeremy Palmer; pgsql-general@postgresql.org
Subject: Re: [GENERAL] Windows SIngle Sign On - LINUX Server
In real world deployment, LDAP and Kerbero are often combined for authentication and authorization.
The link below is a well documented howto:
https://help.ubuntu.com/community/SingleSignOn
Thanks,
Sunday Olutayo
----- Original Message -----
From: "Craig Ringer" <ringerc@ringerc.id.au>
To: "SUNDAY A. OLUTAYO" <olutayo@sadeeb.com>
Cc: "Jeremy Palmer" <JPalmer@linz.govt.nz>, pgsql-general@postgresql.org
Sent: Friday, August 24, 2012 12:48:01 PM
Subject: Re: [GENERAL] Windows SIngle Sign On - LINUX Server
On 08/24/2012 06:10 PM, SUNDAY A. OLUTAYO wrote:
> LDAP will be your best choice for SSO, Ubuntu Linux can authenticate against AD.
I'm not at all convinced by that. Active Directory functions as a
Kerberos KDC. Kerberos provides secure authentication and (unlike LDAP)
single sign-on.
http://technet.microsoft.com/en-us/library/bb742516.aspx
Use Kerberos via GSSAPI. Here's a good starting point by Marcus:
http://www.hagander.net/talks/Deploying%20PostgreSQL%20in%20a%20Windows%20Enterprise.pdf
--
Craig Ringer
This message contains information, which is confidential and may be subject to legal privilege. If you are not the
intendedrecipient, you must not peruse, use, disseminate, distribute or copy this message. If you have received this
messagein error, please notify us immediately (Phone 0800 665 463 or info@linz.govt.nz) and destroy the original
message.LINZ accepts no responsibility for changes to this email, or for any attachments, after its transmission from
LINZ.Thank You.