public inbox for [email protected]
help / color / mirror / Atom feedFrom: Khushboo Vashi <[email protected]>
To: pgadmin-hackers <[email protected]>
Subject: [pgAdmin4][Patch] - RM #6746 - kerberos problems and kerberos documentation
Date: Thu, 14 Apr 2022 12:21:09 +0530
Message-ID: <CAFOhELfhE7m2E7Cjthk4KwmpBoAJZbkhdjUd9uZT9bHpmxf2Ag@mail.gmail.com> (raw)
Hi,
Please find the attached patch to improve the Kerberos Authentication.
Note: I have given the reference to the Kerberos understanding in the
documentation.
Thanks,
Khushboo
Attachments:
[application/octet-stream] RM_6746.patch (2.0K, 3-RM_6746.patch)
download | inline diff:
diff --git a/docs/en_US/kerberos.rst b/docs/en_US/kerberos.rst
index 6dcbd674c..7f333ed1a 100644
--- a/docs/en_US/kerberos.rst
+++ b/docs/en_US/kerberos.rst
@@ -4,10 +4,18 @@
`Enabling Kerberos Authentication`:index:
*****************************************
+**Prerequisite:** Kerberos understanding and setup
+
+Reference: https://web.mit.edu/kerberos/
+
To configure Kerberos authentication, you must setup your Kerberos Server and
-generate a ticket on the client using *kinit*. To enable Kerberos authentication
-for pgAdmin, you must configure the Kerberos settings in *config_local.py* or
-*config_system.py* (see the :ref:`config.py <config_py>` documentation) on the
+obtain a ticket on the client using *kinit*.
+
+Note: Active Directory users with Kerberos support do not require kinit.
+
+To enable Kerberos authentication for pgAdmin, you must configure the
+Kerberos settings in *config_local.py* or *config_system.py*
+(see the :ref:`config.py <config_py>` documentation) on the
system where pgAdmin is installed in Server mode. You can copy these settings
from *config.py* file and modify the values for the following parameters.
@@ -38,10 +46,10 @@ from *config.py* file and modify the values for the following parameters.
Keytab file for HTTP Service
============================
-* Generate the *Keytab* file for the HTTP service principal and copy it to the
- *pgAdmin* webserver machine. Ensure that the operating system user owning
- the *pgAdmin* webserver is the owner of this file and should be accessible
- by that user.
+* Generate the *Keytab* file for the HTTP service principal HTTP/<host-name>@realm,
+ and copy it to the *pgAdmin* webserver machine. Ensure that the operating system
+ user owning the *pgAdmin* webserver is the owner of this file and should be
+ accessible by that user.
* Please note that either you should set *default_keytab_name* parameter in
*krb5.conf* file or the environment variable *KRB5_KTNAME*. If not set then
view thread (2+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: [pgAdmin4][Patch] - RM #6746 - kerberos problems and kerberos documentation
In-Reply-To: <CAFOhELfhE7m2E7Cjthk4KwmpBoAJZbkhdjUd9uZT9bHpmxf2Ag@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox