On 21 December 2017 at 05:27, Magnus Hagander <mag...@hagander.net> wrote:
> On Wed, Dec 20, 2017 at 8:42 PM, Mike Feld <m...@aol.com> wrote:
>
>> Is it possible to authenticate with Postgres from a standalone
>> application using gssapi? In other words, I am able to authenticate with
>> Postgres when a human has logged in to either Windows or Linux and
>> generated a ticket, but is it possible for say a Django site or Java
>> application running on some server somewhere to authenticate with Postgres
>> using gssapi? I realize that psycopg2 has a connection parameter for
>> “krbsrvname”, but how does it generate a ticket? Is this the only
>> alternative to secure authentication since Postgres does not support secure
>> ldap (ldaps)?
>>
>
> Sure it is.
>
> libpq won't generate the initial ticket, though. The way to do it is to
> have your django or whatever application run "kinit" for the user before it
> starts. This will request a TGT, and the ticket will be present in that
> user's environment, and will be used by the libpq client. (it might look
> slightly different for a Java client, but the principle is the same)
>

JDBC docs on GSSAPI can be found at https://jdbc.postgresql.org/documentation/head/connect.html

Dave Cramer
da...@postgresintl.com
www.postgresintl.com
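
The "run kinit before the application starts" step from the thread, sketched as a launcher for an unattended service. This is an added example, not code from the thread or from PostgreSQL. It assumes MIT Kerberos `kinit` and a keytab for the service principal; the keytab path, principal and cache path are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: obtain a TGT from a keytab, then start the application so
# that libpq (psycopg2, psql, ...) finds the ticket through KRB5CCNAME.
# All three defaults below are hypothetical; override them in the environment.
KEYTAB="${KEYTAB:-/etc/myapp/myapp.keytab}"
PRINCIPAL="${PRINCIPAL:-myapp@EXAMPLE.COM}"
CCACHE="${CCACHE:-/run/myapp/krb5cc_myapp}"

# Return 0 only if the keytab is a regular file with no group/other access.
# A keytab holds the principal's long-term key, so a readable keytab is
# equivalent to a leaked password.
keytab_is_private() {
    [ -f "$1" ] || return 1
    # ls -l mode string: char 1 = type, 2-4 = owner, 5-7 = group, 8-10 = other
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Request a TGT non-interactively into a cache file private to this service.
obtain_ticket() {
    if ! keytab_is_private "$KEYTAB"; then
        echo "refusing keytab $KEYTAB: missing or group/other accessible" >&2
        return 1
    fi
    KRB5CCNAME="FILE:$CCACHE" kinit -k -t "$KEYTAB" "$PRINCIPAL"
}

# Usage: launch CMD [ARGS...]
# Replaces this shell with the application, which inherits the cache location.
launch() {
    obtain_ticket || return 1
    KRB5CCNAME="FILE:$CCACHE" exec "$@"
}

# When invoked with arguments, treat them as the application command line.
if [ "$#" -gt 0 ]; then
    launch "$@"
fi
```

The TGT has a limited lifetime, so a long-running service has to call `obtain_ticket` again (for example from a timer) before the ticket expires.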