Add README.kerbros

author: Bruce Momjian <bruce@momjian.us> 2000-05-27 03:42:32 +0000
committer: Bruce Momjian <bruce@momjian.us> 2000-05-27 03:42:32 +0000
commit: dc65b22fa372d28f99b10824a4801d24acfe9862 (patch)
tree: 9f00c73e599b2fda567e73b9d79512bd7abeb0c1
parent: 9500b35f178e8fc4335d2feb7f54dea4a5ff4ee5 (diff)
download: postgresql-dc65b22fa372d28f99b10824a4801d24acfe9862.tar.gz
postgresql-dc65b22fa372d28f99b10824a4801d24acfe9862.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/doc/README.kerberos b/doc/README.kerberos
new file mode 100644
index 00000000000..8ad0e61ecbf
--- /dev/null
+++ b/doc/README.kerberos
@@ -0,0 +1,21 @@
+Edit postgresql-7.0RC5/src/Makefile.global.in.  Change PG_KRB_SRVTAB to
+somewhere useful for you, and PG_KRB_SRVNAM to whatever you want your
+postgres kerberos service called.
+
+make and install PostgreSQL.
+
+Generate the keytab (PG_KRB_SRVTAB): kadmin% ank -randkey
+postgres/server.my.domain.org kadmin% ktadd -k krb5.keytab
+postgres/server.my.domain.org
+
+Make sure the keytab is read-only to the postgres user. Make sure your
+client binaries can see the new libraries.
+
+edit pg_hba.conf and change the authentication method to krb5.
+
+Everything should then work. If you use mod_auth_krb and mod_perl on
+your web server, you can use AuthType KerberosV5SaveCredentials with a
+mod_perl script. This gives secure database access over the web. No
+extra passwords required. 
+
+Mike Wyer <mw@doc.ic.ac.uk>
author	Bruce Momjian <bruce@momjian.us>	2000-05-27 03:42:32 +0000
committer	Bruce Momjian <bruce@momjian.us>	2000-05-27 03:42:32 +0000
commit	dc65b22fa372d28f99b10824a4801d24acfe9862 (patch)
tree	9f00c73e599b2fda567e73b9d79512bd7abeb0c1
parent	9500b35f178e8fc4335d2feb7f54dea4a5ff4ee5 (diff)
download	postgresql-dc65b22fa372d28f99b10824a4801d24acfe9862.tar.gz postgresql-dc65b22fa372d28f99b10824a4801d24acfe9862.zip