Обсуждение: Fedora 13 and yum.pgsqlrpms.org
Will the repository be updated for Fedora 13 in the near future :) I had to disable the repo because yumex croaks when it cannot find the repository. Jerry
On Sat, 2010-05-29 at 13:18 -0400, Jerry LeVan wrote: > > Will the repository be updated for Fedora 13 in the > near future :) > > I had to disable the repo because yumex croaks when it > cannot find the repository. FWIW, I pushed Fedora-13 packages to my repository: http://yum.pgrpms.org/news-fedora13-packages-released.php http://yum.pgrpms.org/8.4/fedora/fedora-13-i386/repoview/ http://yum.pgrpms.org/8.4/fedora/fedora-13-x86_64/repoview/ Regards, -- Devrim GÜNDÜZ PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer PostgreSQL RPM Repository: http://yum.pgrpms.org Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr http://www.gunduz.org Twitter: http://twitter.com/devrimgunduz
Вложения
Is there is a way to connect postgres to authenticate against a windows domain without recompiling and using gssapi. Ldap perhaps?
Thanks!
On Tue, Jun 01, 2010 at 11:56:19AM -0600, u235sentinel wrote: > Is there is a way to connect postgres to authenticate against a windows > domain without recompiling and using gssapi. Ldap perhaps? > > Thanks! This page describes, among other things, LDAP authentication: http://www.postgresql.org/docs/8.4/interactive/auth-methods.html You might also refer to this PGCon 2010 talk: http://www.fosslc.org/drupal/content/secure-postgresql-deployment -- Joshua Tolley / eggyknap End Point Corporation http://www.endpoint.com
Вложения
* Joshua Tolley (eggyknap@gmail.com) wrote:
> On Tue, Jun 01, 2010 at 11:56:19AM -0600, u235sentinel wrote:
> > Is there is a way to connect postgres to authenticate against a windows
> > domain without recompiling and using gssapi. Ldap perhaps?
I'm still trying to figure out why you wouldn't want to use GSSAPI..
It's a heck of alot better than using LDAP wrt security..
Stephen
Вложения
On 06/02/2010 08:05 AM, Stephen Frost wrote: > * Joshua Tolley (eggyknap@gmail.com) wrote: > >> On Tue, Jun 01, 2010 at 11:56:19AM -0600, u235sentinel wrote: >> > I'm still trying to figure out why you wouldn't want to use GSSAPI.. > It's a heck of alot better than using LDAP wrt security.. > > Stephen > We would have to rebuild the binaries and we're already heavily using the database. I could rebuild it again but it's like the fourth time I've been asked to add a feature. I did read that GSSAPI was the way to go but I'm being told to try using LDAP instead. I don't have a lot of experience with either but I'll be able to figure it out I think :-)
* u235sentinel (u235sentinel@gmail.com) wrote:
> We would have to rebuild the binaries and we're already heavily using
> the database. I could rebuild it again but it's like the fourth time
> I've been asked to add a feature. I did read that GSSAPI was the way to
> go but I'm being told to try using LDAP instead. I don't have a lot of
> experience with either but I'll be able to figure it out I think :-)
Perhaps you should look at how the package managers under Debian or
RedHat build PG and turn on a similar set of options.. They typically
try to turn on everything possible and when they have to make choices
they go with what would be appropriate for most. That would probably
reduce the amount of rebuilding you need to do.. Or you could just use
packages to begin with and probably would have avoided this entirely. :)
Using LDAP to do pass-thru auth is really horrid when Kerberos is
available, if you ask me. It's also alot more fragile and will cause
problems when users change their passwords and they have them stored in
things like ODBC settings, etc. With LDAP auth, users still have to
provide their password to the database server which then turns around
and tries to use the users' credentials to bind to the LDAP directory.
You'll also really want to make sure you're doing SSL for your database
connections and SSL on your LDAP connections.
Thanks,
Stephen