views:

34

answers:

1

I am trying to setup PostgreSQL and allow only certain Windows users to access the data from the database. Setting up Windows Authentication is Quite easy with MS SQL, but I can't figure out how to set it up in PostgreSQL.

I have gone through the documentation at http://www.postgresql.org/docs/current/static/auth-methods.html

and edited the pg_hba file. But after doing so, the PostgreSQL service fails to start.

+1  A: 

Is the Postgresql server running on Windows as well as the clients then you might test with this to see if this works:

host all all 0.0.0.0/0 sspi

Magnus Hagander, developer of Postgresql elaborates on this:

"All users connecting from the local machine, your domain, or a trusted domain will be automatically authenticated using the SSPI configured authentication (you can enable/disable things like NTLMv2 or LM using Group Policy - it's a Windows configuration, not a PostgreSQL one). You still need to create the login role in PostgreSQL, but that's it. Note that the domain is not verified at all, only the username. So the user Administrator in your primary and a trusted domain will be considered the same user if they try to connect to PostgreSQL. Note that this method is not compatible with Unix clients." [http://blog.hagander.net/archives/88-Integrated-Security-in-PostgreSQL-8.3.html]

If you mix Unix-Windows then you to resort to kerberos using GSSAPI which means you have to do some configuration. The following overviews may perhaps lead you in the right path:

http://www.hagander.net/talks/Deploying%20PostgreSQL%20in%20a%20Windows%20Enterprise.pdf

John P