On Sat, Jun 23, 2012 at 04:49:25PM +0200, Natxo Asenjo wrote:
> Using postgresql (or oracle possibly) it is possible to use
> kerberos/gssapi to log in the database.
>
> If I create a kerberos service principal
> rt/myserver.domain.tld/MYREALM.TLD I can login the
> postgresql database with a keytab for this principal.
>
> How can I tell the request tracker application it has to use this keytab
> instead of setting a username/password in clear text in a config file?
> This would be a huge security improvement IMO.
>
> With other apps I can use the KRB5CCNAME variable to specify where the
> ticket cache file is and use that.

If DBD::Pg or DBD::Oracle can do it, then RT should be able to leverage that. You'll need to review the driver documentation for how the configuration needs to be set up.

-kevin
