Thanks for the infos. Concerning authentification, one thing is not clear for me. In the docs it is written that GSSAPI
onlinux must be enabled on building postgres, so I have reallly to compile postgres for enabling SSO with windows
clientsto linux database server? I'm working with pg version 9.4 on ubuntu 14.04.
Guido
________________________________________
Von: Albe Laurenz [laurenz.albe@wien.gv.at]
Gesendet: Donnerstag, 26. November 2015 21:07
An: Häfliger Guido; pgsql-admin@postgresql.org
Betreff: RE: pg_service and ldap
Häfliger Guido wrote:
> I would like to configure pg_service.conf with an ldap-url so that pg_service takes the login
> informations from a Windows Domain Server (windows-client is connected to the domain).
> The database is running on a linux server where pam-authentification is configured.
> I want omit that the user have to login another time when he connect to the database.
> Is this possible? If yes, can somebody give me a hint how to set the ldap-url?
pg_service.conf cannot help you with authentication, it helps you to map a
symbolic database name to the actual connection parameters.
The only difference when you use an LDAP URL is that the connection data are
not stored locally on the client, but on an LDAP server.
You could theoretically store the clear text password on the LDAP server and
use it for authentiction, but that would be a very bad idea since the LDAP server
must be configured for anonymous bind.
Think of it as a kind of public phone book.
If you want single sign-on on Windows, you should look into SSPI authentication:
http://www.postgresql.org/docs/9.4/static/auth-methods.html#SSPI-AUTH
Yours,
Laurenz Albe