Re: Linux Postgres authentication against active directory

From: Magnus Hagander
Subject: Re: Linux Postgres authentication against active directory
Msg-id: 6BCB9D8A16AC4241919521715F4D8BCE6C7896@algol.sollentuna.se
In reply to: Linux Postgres authentication against active directory  ("Ronzani Dario" <dario.ronzani@oword.it>)
Responses: R: Linux Postgres authentication against active directory  ("Ronzani Dario" <dario.ronzani@oword.it>)
List: pgsql-general

> Hi to all,
>
> Actually I try to authenticate my Linux Postgres installation
> against Active Directory, I find 3 solutions to use:
>
> 1) LDAP
> 2) Pam and Kerberos
> 3) Kerberos alone

(3) is the one I've been using, and it works very well. I've been
working on a HOWTO, but it's not done yet.

Note that if your clients are on win32, you need at least version 8.0.2.


> For the 2 kerberos solution I don't find too much
> documentation, I try to compile postgres with kerberos using
> this configure flag:
>
>     --with-krb5=/usr/
>     --with-includes=/usr/include/
>     --with-libraries=/usr/lib/
>
>     My kerberos installation is in
>     /usr/bin and /usr/sbin         for the binary
>     /usr/lib/                libkrb5.* and libk5crypto.so and libkadm5
>     /usr/include/            krb5.h header file
>
> But seems that I miss something because when I put the krb5
> word in the pg_hba.conf and I try to connect the system give
> me the error:

For AD to do proper interop, the SPN has to be in uppercase. For this
you need to recompile postgresql using --with-krbsrvnam=POSTGRES on both
client and server. (You will be able to change this at runtime in 8.1)

Naturally you will have to recreate the service account in AD with the
proper SPN.


//Magnus
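
Added example, not part of the original message: a check that a keytab listing holds the service principal a build configured with `--with-krbsrvnam=POSTGRES` will ask for, flagging entries that differ only in the case of the service name. It assumes the MIT `klist -k` output layout; the function names, hostnames, realm and keytab path are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `klist -k` output (MIT Kerberos layout).
# Hostnames, realm and keytab path are placeholders, not values from the thread.
sample_keytab_listing() {
cat <<'EOF'
Keytab name: FILE:/path/to/postgres.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 postgres/db1.example.com@EXAMPLE.COM
   4 POSTGRES/db2.example.com@EXAMPLE.COM
EOF
}

# find_spn SRVNAM HOST REALM   (keytab listing on stdin)
# SRVNAM is the value given to --with-krbsrvnam at build time.
# Prints one of:
#   match          SRVNAM/HOST@REALM is present exactly
#   case-mismatch  an entry for HOST@REALM exists, but its service name
#                  differs from SRVNAM only in letter case
#   missing        no entry for this service on HOST@REALM
find_spn() {
    awk -v srv="$1" -v rest="$2@$3" '
        # Principal lines are the ones whose first field is a numeric KVNO.
        $1 ~ /^[0-9]+$/ {
            slash = index($2, "/")
            if (slash == 0) next
            svc  = substr($2, 1, slash - 1)
            tail = substr($2, slash + 1)
            if (tail != rest) next
            if (svc == srv) exact = 1
            else if (tolower(svc) == tolower(srv)) folded = 1
        }
        END {
            if (exact) print "match"
            else if (folded) print "case-mismatch"
            else print "missing"
        }'
}

# Stand-alone run against the constructed sample: db1 only has the
# lowercase service name, so this prints "case-mismatch".
sample_keytab_listing | find_spn POSTGRES db1.example.com EXAMPLE.COM
```

On a real server, pipe `klist -k <keytab>` into `find_spn` instead of the sample function.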
