How can I configure PostgreSQL to use Windows Authentication?
Notice: this page is a translation of a popular Stack Overflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must attribute it to the original authors (not me): Stack Overflow
Original source: http://stackoverflow.com/questions/3448778/
Asked by Devdatta Tengshe
I am trying to set up PostgreSQL and allow only certain Windows users to access the data from the database. Setting up Windows Authentication is quite easy with MS SQL, but I can't figure out how to set it up in PostgreSQL.
I have gone through the documentation at http://www.postgresql.org/docs/current/static/auth-methods.html and edited the pg_hba file. But after doing so, the PostgreSQL service fails to start.
Accepted answer by John P
Is the PostgreSQL server running on Windows as well as the clients? Then you might test with this to see if this works:
host all all 0.0.0.0/0 sspi
Magnus Hagander, a PostgreSQL developer, elaborates on this:
"All users connecting from the local machine, your domain, or a trusted domain will be automatically authenticated using the SSPI configured authentication (you can enable/disable things like NTLMv2 or LM using Group Policy - it's a Windows configuration, not a PostgreSQL one). You still need to create the login role in PostgreSQL, but that's it. Note that the domain is not verified at all, only the username. So the user Administrator in your primary and a trusted domain will be considered the same user if they try to connect to PostgreSQL. Note that this method is not compatible with Unix clients."
If you mix Unix-Windows then you have to resort to Kerberos using GSSAPI, which means you have to do some configuration. This article on deploying Pg in Windows environments may perhaps lead you in the right path.
Answer by Dan Kuida
If anyone else encounters this like I did: starting from 9.5, you will need to add an optional parameter both to the IPv4 and IPv6 in order for this to work
include_realm=0
so the whole thing will look like
host all your_username 127.0.0.1/32 sspi include_realm=0
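An added example, not part of either answer or of PostgreSQL itself: a small Python check that reads pg_hba.conf text and flags sspi/gss rules where the realm is stripped (include_realm=0) without krb_realm pinning one domain, which is the case the quoted note about unverified domains describes. The sample rules, EXAMPLE.COM, the domain_users map name and the audit_hba function are constructed for illustration, and the check assumes the CIDR address form.

```python
import shlex

# Constructed sample pg_hba.conf content (not from a real server).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER           ADDRESS        METHOD
host    all       all            0.0.0.0/0      sspi
host    all       your_username  127.0.0.1/32   sspi include_realm=0
host    all       all            10.0.0.0/8     sspi include_realm=0 krb_realm=EXAMPLE.COM
host    all       all            ::1/128        sspi include_realm=1 map=domain_users
host    all       all            127.0.0.1/32   scram-sha-256
"""

OPEN_RANGES = {"0.0.0.0/0", "::/0", "all"}


def audit_hba(text, realm_default_on=True):
    """Return (line_no, message) findings for sspi/gss rules.

    realm_default_on: include_realm defaults to 1 from PostgreSQL 9.5 on;
    pass False when auditing a config written for an older server.
    """
    findings = []
    default = "1" if realm_default_on else "0"
    for no, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments
        if not fields:
            continue
        # 'local' rules have no address column; assumption: other rules use
        # the CIDR address form, not the separate IP + netmask form.
        idx = 3 if fields[0] == "local" else 4
        if len(fields) <= idx or fields[idx] not in ("sspi", "gss"):
            continue
        opts = dict(o.split("=", 1) for o in fields[idx + 1:] if "=" in o)
        if opts.get("include_realm", default) == "0" and "krb_realm" not in opts:
            findings.append((no, "realm stripped and not pinned: same-named "
                                 "users from any trusted domain share one role"))
        if fields[0] != "local" and fields[3] in OPEN_RANGES:
            findings.append((no, "rule matches every client address"))
    return findings


if __name__ == "__main__":
    for no, msg in audit_hba(SAMPLE_HBA):
        print(f"line {no}: {msg}")
```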