This one time, at band camp, Denis Feklushkin said: > Need possibility to authenticate pgsql user via Kerberos. > > Currently option for passing path to kerberos keytab file don't > exist and before start using of nss-pgsql2 root needs to execute > kerberos command kinit on the host where nss-pgsql2 installed. > > (Perhaps this is not a problem in libnss-pgsql2 package, but I could > not determine where it, may be in libpq5?)
I can't imagine that relying on kereros for NSS is going to work well for you. NSS resolution happens in the context of the user running the process, so each user will need a keytab to access the database before name resolution will work for them. This will be a severe boot strap problem - you'll need to be logged in to run kinit to verify who you are before you can log in. This software is bascially dead upstream as far as I can tell, and I seem to be the only one looking after it in Debian at the moment. I think that kerberos isn't suited for this, unless you can convince me otherwise, so I'm not likely to spend any time on this problem. If you can show me I'm misunderstanding how the process can work, I'll be happy to look at how hard it would be to add support. Cheers, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sg...@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
