Greetings, * Khushboo Vashi (khushboo.va...@enterprisedb.com) wrote: > On Wed, Dec 13, 2017 at 3:05 AM, Duffey, Blake <blake.duf...@noblis.org> > wrote: > > > Will pgAdmin 4 as a python wheel application support Kerberos > > authentication? > > > > We are evaluating running pgAdmin 4 as a web service (vs a Windows > > application) in a shared Citrix environment. Kerberos auth would make > > this use case viable. > > Ref #1952 <https://redmine.postgresql.org/issues/1952> : > Kerberos authentication is supported by the underlying libpq, and pgAdmin 4 > exposes both the host and hostaddr connection options that are typically > used in Kerberos environments.
This does not appear to contemplate Kerberos credential proxying, which is what is really needed here when talking about running pgAdmin4 as a web service. Specifically, pgAdmin4 would need to be able to handline *incoming* Kerberos authentication requests using SPNEGO and then be able to have credentials delegated to it which would then allow it to authenticate to PostgreSQL using Kerberos. The fact that pgAdmin4 uses libpq to connect to PG does not make pgAdmin4 support Kerberos as a web service, though it should work for pgAdmin4 running as a Windows client (assuming it's being run in the user's application space; if it's being run as a Windows service or similar then it may not work). I'd certainly love to see pgAdmin4 as a web service support Kerberos authentication, with multi-user support and proper ticket delegation and credential proxying to allow users a seamless experience hitting a pgAdmin4 web server. Thanks! Stephen
signature.asc
Description: Digital signature
