On Sat, 10 Oct 2009 18:50:12 +0100
Stephen Gran wrote:
> You still haven't managed to explain how that's going to work. Name
> service resolution happens within the application running as that
> user, not as some other process.
I realized my mistake about the privilegies and NSS: I thought that
This one time, at band camp, Denis Feklushkin said:
> Users now don't have access to a file /etc/nss-pgsql.conf with
> passwords and everything works - I think access to the keytab file
> also needs only for a root.
You still haven't managed to explain how that's going to work. Name
service resol
On Sat, 10 Oct 2009 14:35:40 +0100
Stephen Gran wrote:
>
> > > This will be a severe boot strap problem - you'll need to be
> > > logged in to run kinit to verify who you are before you can log
> > > in.
> >
> > What about use a separate keytab-file specially for nss-pgsql,
> > readable for al
This one time, at band camp, Денис said:
> On Sat, 10 Oct 2009 13:13:42 +0100 Stephen Gran
> wrote:
>
> > so each user will need a keytab to access the database before name
> > resolution will work for them.
>
> I think it's okay, because it will be principal for a special DB user
> who can only
This one time, at band camp, Denis Feklushkin said:
> Need possibility to authenticate pgsql user via Kerberos.
>
> Currently option for passing path to kerberos keytab file don't
> exist and before start using of nss-pgsql2 root needs to execute
> kerberos command kinit on the host where nss-pgsq
Package: libnss-pgsql2
Version: 1.4.0debian-2
Severity: wishlist
Need possibility to authenticate pgsql user via Kerberos.
Currently option for passing path to kerberos keytab file don't
exist and before start using of nss-pgsql2 root needs to execute
kerberos command kinit on the host where nss-
6 matches
Mail list logo
