On Tue, Jun 19, 2012 at 6:54 PM, Simo Sorce <s...@redhat.com> wrote:
> Yes with IPA you can use service principals to initiate context w/o
> problems. That's why I suggested you use a service principal.
> AD has a limitation that you must use an actual user to initiate a
> context, that may be where the suggestion is coming from.
>

I was just wondering how to use a service principal coupled to a host in the case of a webapp. We all know those, applications that require binding to a database with a login/pass combo in a file. And was assuming that creating a service principal and then creating a postgresql role with the name of the principal would not work, that I could not log in to postgresql with that kerberos principal.

It turns out it does work! I can create service principals and have them connect to our postgresql servers. Awesome!

I need to test this more thoroughly, but this is looking great security-wise.

Thanks for the tip! :-)

--
natxo
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users