[Ovirt-devel] PostgreSQL supports GSSAPI auth..

Daniel P. Berrange berrange at redhat.com
Tue Aug 5 16:47:24 UTC 2008


I notice that the WUI appliance creates a random password for the postgresql
server in its setup.

PostgreSQL has long had Kerberos support authenticating users against their
Kerberos password, instead of tracking it in the PG user database, but more
compelling is that it also recently gained GSSAPI support for single sign-on.

If your PG client (i.e. oVirt WUI/taskomatic) has a client principal, then
it can login to PG without needing a password. All that is needed is to
create a PG user with matching username to your client principal username.

http://developer.postgresql.org/pgdocs/postgres/auth-methods.html#GSSAPI-AUTH
http://developer.postgresql.org/pgdocs/postgres/auth-methods.html#KERBEROS-AUTH

oVirt of course already has a client principal since it uses that to talk
to libvirt, so it strikes me that it ought to be possible to just use that
for PG too, and do away with generating a random password for PG.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
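
An added example, not part of the original message and not oVirt or PostgreSQL code: a small Python audit of pg_hba.conf rules that flags the password-dependent entries GSSAPI would replace, plus gss rules that strip the realm without pinning it (PostgreSQL's documentation notes include_realm=0 is not secure in multi-realm setups unless krb_realm is also set). The sample file, the function names parse_hba and audit, and the single-field CIDR address layout are assumptions made for illustration; the gss method and the include_realm / krb_realm options are as in current PostgreSQL releases.

```python
import shlex

# Constructed sample pg_hba.conf (not the oVirt appliance's real file).
SAMPLE_HBA = """\
# TYPE   DATABASE  USER   ADDRESS          METHOD  OPTIONS
local    all       postgres                ident
host     ovirt     ovirt  127.0.0.1/32     md5
host     ovirt     ovirt  192.0.2.0/24     gss include_realm=0
host     ovirt     ovirt  198.51.100.0/24  gss include_realm=0 krb_realm=EXAMPLE.COM
hostssl  all       all    0.0.0.0/0        trust
"""

SECRET_METHODS = {"password", "md5", "scram-sha-256"}  # need a stored password


def parse_hba(text):
    """Return one dict per rule. Assumes CIDR-style addresses (one ADDRESS field)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments, handles quotes
        if not fields:
            continue
        fixed = 3 if fields[0] == "local" else 4  # 'local' has no ADDRESS column
        if len(fields) <= fixed:
            raise ValueError(f"line {lineno}: missing auth method")
        opts = dict(o.split("=", 1) for o in fields[fixed + 1:] if "=" in o)
        rules.append({"line": lineno, "type": fields[0], "database": fields[1],
                      "user": fields[2], "method": fields[fixed], "options": opts})
    return rules


def audit(rules):
    """Return (line, message) findings for rules worth a second look."""
    findings = []
    for r in rules:
        m, o = r["method"], r["options"]
        if m in SECRET_METHODS:
            findings.append((r["line"], f"{m}: depends on a stored password"))
        elif m == "trust":
            findings.append((r["line"], "trust: no authentication at all"))
        elif m == "gss" and o.get("include_realm") == "0" and "krb_realm" not in o:
            findings.append((r["line"], "gss: realm stripped but not pinned with krb_realm"))
    return findings


if __name__ == "__main__":
    for line, msg in audit(parse_hba(SAMPLE_HBA)):
        print(f"pg_hba.conf:{line}: {msg}")
```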



