3

I'm trying to set Windows authentication for a postgres server.

The process is not well documented and makes the whole thing, obscure.

I found this doc but it is quite unclear.

In the necessary steps, the doc says that you need to create a domain user. Yet in the screenshot, it says DomainServiceAccount

enter image description here

Once, you've created the domain user and that you set your postgres service with the domain user, you need to create a Service Principle Name to your service account with the following command line in the AD server

setspn -S POSTGRES/[fully.qualified.domain.name] DOMAIN\[service_account_name]

Questions are the following

  • Is service_account_name = DomaninServiceAccount = Domain user?
  • If my first question is correct, that I create a user called SuperPostgres, I set the service as mentioned in the doc with the user SuperPostgres, that I create a SPN with the command line spn and set the relevant role as mentionned in the doc, is it certain that Postgres will allow an AD user like AndyKw to connect to the postgres db?
Improve this question

1 Answer 1

Reset to default
3

Yes

Service_account_name = DomaninServiceAccount = Domain user

A service account is actually a domain user, just with some extra settings like "no interactive login" and "password does not expire". Dunno why they would use "DomaninServiceAccount" too. It's just Service_account_name

Is it certain? Just have to test, but it looks usual for non-Windows applications (Atlassian does the same, and I have other Java apps that have AD authentication too)

Improve this answer
0

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.