[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Ovirt-devel] PostgreSQL supports GSSAPI auth..



I notice that the WUI appliance creates a random password for the postgresql
server in its setup.

PostgreSQL has long had Kerberos support authenticating users against their
kerberos password, instead of tracking it in the PG user database, but more
compelling is that it also recently gained GSSAPI support for single-signon

If your PG client (ie oVirt WUI/taskomatic) has a client principle, then
it can login to PG without needing a password. ALl that is needed is to
create a PG user with matching username to your client principle username

http://developer.postgresql.org/pgdocs/postgres/auth-methods.html#GSSAPI-AUTH
http://developer.postgresql.org/pgdocs/postgres/auth-methods.html#KERBEROS-AUTH

oVirt of course already has a client principle since it uses that to talk
to libvirt, so it strikes me that it ought to be possible to just use that
for PG too, and do away with generating a random password for PG

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]