RE: Feature request support MS Entra ID Authentication from On-premises PostreSQL server

Mon, 12 Feb 2024 02:38:50 -0800 

Azure Postgres login authentication :



 

This is how I do it for the Azure PostgreSQL, I will have to test to see if it 
will log in the same way, as I need to be able to get the token from Azure and 
pass that in as the password for the User/group account in the on-prem database.

 

Thanks the link ,  

If anyone else has been able to authenticate on-prem PostgreSQL against 
Micorosft Entra ID and has the steps to do this that would also be good news.

 

From: Andrew Dunstan <and...@dunslane.net> 
Sent: Sunday, February 11, 2024 8:02 AM
To: rs.tr...@gmail.com; pgsql-hackers@lists.postgresql.org
Subject: Re: Feature request support MS Entra ID Authentication from 
On-premises PostreSQL server

 

 

On 2024-02-10 Sa 12:26, rs.tr...@gmail.com <mailto:rs.tr...@gmail.com>  wrote:

Hi all,

 

Don’t know if I got this to the right group.

 

Proposal Template For a New Feature

One-line Summary:  Feature request Natively integration support Azure Microsoft 
Entra ID for authentication from On-premises PostreSQL server.

 

Business Use-case: Explain the problem that you are trying to solve with the 
proposal.

Using new Authentciation method (entra ID) vs Ldap method for On-Premises 
PostgreSQL server databases.

 

User impact with the change: 

Trying to stream line accounts so we only have one place for Users and 
accounts, for onboarding

and offboarding and our Echo system is starting to move to Azure, but we still 
have On-premises PostgresSQL servers.

 

Our Security groups want us to use new Authentication methods and have 
integration into MS Entra ID.

 

I know that I can from the Azure PostgreSQL log in with Azure Entra ID with 
psql.exe and pgAdmin 4 and have this working for the Azure PostgreSQl database.

But have not found a way to do this with our On-premises PostgreSQL server 
databases.

There may be a method for  already doing this but I have not found it, and I am 
very new to PostgreSQL.

 

 

What is the difference between this and ActiveDirectory? AD is already usable 
as an authentication mechanism. See for example  
<https://www.crunchydata.com/blog/windows-active-directory-postgresql-gssapi-kerberos-authentication>
 
<https://www.crunchydata.com/blog/windows-active-directory-postgresql-gssapi-kerberos-authentication>

 

cheers

 

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Reply via email to