LDAP Authentication?
People,
After writing dblink-ldap (http://pgfoundry.org/projects/dblink-ldap),
several people have contacted me asking if this will give LDAP
authentication to PostgreSQL, because they need this. And this is before
I've even released it, so apparantly there are a lot of people who want
this.
You can do this today using PAM authenication, but this is not always
possible. Notably it's never possible on Windows, and there are several
unix platforms/distros that don't support it without a lot of work.
It should be fairly easy to write a LDAP "backend" to password
authentication using openldap, winldap or whatever ldap library is
available.
Before I start working on anything I'd like to check if a patch for this
would be accepted?
//Magnus
Magnus Hagander wrote:
You can do this today using PAM authenication, but this is not always
possible. Notably it's never possible on Windows, and there are
several unix platforms/distros that don't support it without a lot of
work.
Or you port PAM to Windows, and then everybody wins.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
You can do this today using PAM authenication, but this is
not always
possible. Notably it's never possible on Windows, and there are
several unix platforms/distros that don't support itwithout a lot of
work.
Or you port PAM to Windows, and then everybody wins.
Well, for one that's going to be a *lot* more work. I'm not even sure
how many of the concepts would apply to win32, but then I don't really
know PAM...
It also would do nothing to help those who are on platforms or distros
that don't put PAM in there by default - it can still be a pain to put
it in there...
//Magnus
Import Notes
Resolved by subject fallback
On 10/10/05, Magnus Hagander <mha@sollentuna.net> wrote:
You can do this today using PAM authenication, but this is
not always
possible. Notably it's never possible on Windows, and there are
several unix platforms/distros that don't support itwithout a lot of
work.
Or you port PAM to Windows, and then everybody wins.
Well, for one that's going to be a *lot* more work. I'm not even sure
how many of the concepts would apply to win32, but then I don't really
know PAM...
Most of the work has already been done:
--
Mike Rylander
mrylander@gmail.com
GPLS -- PINES Development
Database Developer
http://open-ils.org
You can do this today using PAM authenication, but this is
not always
possible. Notably it's never possible on Windows, and there are
several unix platforms/distros that don't support itwithout a lot of
work.
Or you port PAM to Windows, and then everybody wins.
Well, for one that's going to be a *lot* more work. I'm not
even sure
how many of the concepts would apply to win32, but then I
don't really
know PAM...
Most of the work has already been done:
Eh, no, that one works the other way around, adn doesn't help us at all.
GINA for windows is about the same as PAM is for Unix. Allows pluggable
authentication. But we don't support GINA authentication.
I guess we could support GINA authentication instead of LDAP, which
would add the benefit of supporting windows passwords (withotu single
sign on) for local accounts. But it would also make the hurdle a whole
lot larger for anybody wanting to do ldap auth for postgres -
installilng a GINA changes *all* the authentication on windows. Which
means you could use those accounts to log on to the system, which you
probalby don't want...
//Magnus
Import Notes
Resolved by subject fallback
Magnus,
Magnus Hagander wrote:
It should be fairly easy to write a LDAP "backend" to password
authentication using openldap, winldap or whatever ldap library is
available.Before I start working on anything I'd like to check if a patch for this
would be accepted?
Also I was thinking about LDAP authentication before.
LDAP is the most important infrastracture for enterprise users
who have the centerized account management.
Samba and Apache have LDAP auth.
Also we need it for PostgreSQL.
--
NAGAYASU Satoshi <nagayasus@nttdata.co.jp>
--- Magnus Hagander wrote:It should be fairly easy to write a LDAP "backend" to password
authentication using openldap, winldap or whatever ldap library is
available.
I support the idea. It would be a good gain for PostgreSQL
authentication.
If you want to discuss ideas, drop me a line.
Euler Taveira de Oliveira
euler[at]yahoo_com_br
_______________________________________________________
Promo��o Yahoo! Acesso Gr�tis: a cada hora navegada voc�
acumula cupons e concorre a mais de 500 pr�mios! Participe!
http://yahoo.fbiz.com.br/
I can help on this one too.
-----Original Message-----
From: pgsql-hackers-owner@postgresql.org
[mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Euler Taveira de
Oliveira
Sent: Monday, October 31, 2005 9:44 AM
To: Satoshi Nagayasu; Magnus Hagander
Cc: PostgreSQL-development
Subject: Re: [HACKERS] LDAP Authentication?
--- Magnus Hagander wrote:It should be fairly easy to write a LDAP "backend" to password
authentication using openldap, winldap or whatever ldap library is
available.
I support the idea. It would be a good gain for PostgreSQL
authentication.
If you want to discuss ideas, drop me a line.
Euler Taveira de Oliveira
euler[at]yahoo_com_br
_______________________________________________________
Promoção Yahoo! Acesso Grátis: a cada hora navegada você
acumula cupons e concorre a mais de 500 prêmios! Participe!
http://yahoo.fbiz.com.br/
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match