open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7367 Commits
37 Branches
654 Tags
742 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 81b30f2cb4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '81b30f2cb4'
${ noResults }
postgres/doc/README.kerberos

1.1 KiB
Raw Blame History 

Edit postgresql-7.0RC5/src/Makefile.global.in
Change PG_KRB_SRVTAB to somewhere useful for you, and PG_KRB_SRVNAM to
whatever you want your postgres kerberos service called.

Uncommment out KRBVERS=5 in Makefile.global.in.

Run configure, make, and install PostgreSQL.

Generate the keytab (PG_KRB_SRVTAB):
kadmin% ank -randkey postgres/server.my.domain.org
kadmin% ktadd -k krb5.keytab postgres/server.my.domain.org

Make sure the keytab is read-only to the postgres user.
Make sure your client binaries can see the new libraries.

edit pg_hba.conf and change the authentication method to krb5.

Everything should then work. If you use mod_auth_krb and mod_perl on
your web server, you can use AuthType KerberosV5SaveCredentials with a
mod_perl script. This gives secure database access over the web. No
extra passwords required. 

Cheers,

Mike Wyer,
Department of Computing, Imperial College
-- 
Mike Wyer <mw@doc.ic.ac.uk>     ||         "Woof?"
http://www.doc.ic.ac.uk/~mw     ||  Gaspode the Wonder Dog 
Work:      020 7594 8440        ||  from "Moving Pictures"
Mobile:     07879 697119        ||    by Terry Pratchett