On Tue, Jun 19, 2012 at 6:54 PM, Simo Sorce <s...@redhat.com> wrote:

> Yes with IPA you can use service principals to initiate context w/o
> problems. That's why I suggested you use a service principal.
> AD has a limitation that you must use an actual user to initiate a
> context, that may be where the suggestion is coming from.
I was just wondering how to to use a service principal coupled to a host in
the case of a webapp. We all know those, applications that require binding
to a database with a login/pass combo in a file. And was assuming that
creating a service principal and then creating a postgresql role with the
name of the principal would not work, that I could not login postgresql
with that kerberos principal.

It turns out it does work! I can create service principals and have them
connect to our postgresql servers. Awesome!

I need to test this more thouroughly, but this is looking great security

Thanks for the tip! :-)
Freeipa-users mailing list

Reply via email to