README.kerberos
Bruce Momjian authored
README.kerberos 22.37 KiB
From pgsql-patches-owner@hub.org Mon May 8 13:28:54 2000
Received: from walter.doc.ic.ac.uk (IDENT:VjgMrPQKQlAhOUagIW0/IaLLtzgPtWaj@walter.doc.ic.ac.uk [146.169.2.50])
by hub.org (8.9.3/8.9.3) with ESMTP id NAA78580
for <pgsql-patches@postgresql.org>; Mon, 8 May 2000 13:27:41 -0400 (EDT)
(envelope-from mw@doc.ic.ac.uk)
Received: from [146.169.51.42] (helo=kungfu.doc.ic.ac.uk ident=mw)
by walter.doc.ic.ac.uk with esmtp (Exim 1.890 #1)
for pgsql-patches@postgresql.org
id 12orKe-0000J8-00; Mon, 8 May 2000 18:28:36 +0100
Date: Mon, 8 May 2000 18:27:40 +0100 (BST)
From: Mike Wyer <mw@doc.ic.ac.uk>
To: pgsql-patches@postgresql.org
Subject: kerberos 5 patch against 7.0RC5
Message-ID: <Pine.LNX.4.21.0005081804430.1265-100000@kungfu.doc.ic.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Archive-Number: 200005/24
Status: ORr
You can find it after my sig. Hideous abuse of netiquette, but needs
must ...

Most (nearly all) of the work was done by David Wragg <dpw@doc.ic.ac.uk>.
He patched 6.5.3. I've updated it for 7.0RC5.

It works for MIT kerberos 1.1.1 (and previously for 1.0.6 as well).

I've got the patch against 6.5.3, plus kerberized RPMS.

Install:

Assuming postgresql-7.0RC5 is in /usr/local/src

    cd /usr/local/src
    patch -p0 < krb5-patch

Edit postgresql-7.0RC5/src/Makefile.global.in

Change PG_KRB_SRVTAB to somewhere useful for you, and PG_KRB_SRVNAM to
whatever you want your postgres kerberos service called.

make and install PostgreSQL.

Generate the keytab (PG_KRB_SRVTAB):

    kadmin% ank -randkey postgres/server.my.domain.org
    kadmin% ktadd -k krb5.keytab postgres/server.my.domain.org

Make sure the keytab is read-only to the postgres user.

Make sure your client binaries can see the new libraries.

Edit pg_hba.conf and change the authentication method to krb5.

Everything should then work. If you use mod_auth_krb and mod_perl on
your web server, you can use AuthType KerberosV5SaveCredentials with a
mod_perl script. This gives secure database access over the web. No
extra passwords required.

Cheers,
Mike Wyer,
Department of Computing, Imperial College
--
Mike Wyer <mw@doc.ic.ac.uk> || "Woof?"
http://www.doc.ic.ac.uk/~mw || Gaspode the Wonder Dog
Work: 020 7594 8440 || from "Moving Pictures"
Mobile: 07879 697119 || by Terry Pratchett
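
Added example, not part of the original message or the patch: a POSIX shell check for two of the install steps above (keytab readable only by the postgres user, pg_hba.conf switched to krb5). The function names are hypothetical, mode 0400 is an interpretation of "read-only to the postgres user", and the only pg_hba.conf assumption is that records begin with `host` and comments with `#`.

```shell
#!/bin/sh
# Added example: post-install checks for the keytab and pg_hba.conf steps.
# Function names are hypothetical; they are not part of PostgreSQL or the patch.

# check_keytab FILE UID
# Succeeds only if FILE is a regular file owned by numeric UID with mode 0400.
check_keytab() {
    keytab=$1
    want_uid=$2
    if [ ! -f "$keytab" ]; then
        echo "FAIL: $keytab is not a regular file"
        return 1
    fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    mode=$(ls -ldn "$keytab" | awk 'NR == 1 {print $1}')
    uid=$(ls -ldn "$keytab" | awk 'NR == 1 {print $3}')
    rc=0
    case $mode in
        # A trailing '.' (SELinux context marker) is accepted; a trailing
        # '+' means an ACL is present and is reported as a failure.
        -r--------|-r--------.) ;;
        *) echo "FAIL: $keytab mode is $mode, want -r--------"; rc=1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $keytab owner uid is $uid, want $want_uid"
        rc=1
    fi
    return $rc
}

# hba_non_krb5 FILE
# Prints every "host" record in FILE that carries no krb5 field, i.e. the
# records still using another authentication method. Comment lines are skipped
# because their first field is never exactly "host".
hba_non_krb5() {
    awk '$1 == "host" {
             ok = 0
             for (i = 2; i <= NF; i++) if ($i == "krb5") ok = 1
             if (!ok) print
         }' "$1"
}
```

Run `check_keytab` against the PG_KRB_SRVTAB path with the postgres user's numeric uid (`id -u postgres`), and `hba_non_krb5` against pg_hba.conf; empty output from the latter means every host record uses krb5.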
===========================8<----------------------------------------------