From e3929e4bc1acca8eca0c3c0a05dbe3ca6ff95f81 Mon Sep 17 00:00:00 2001
From: Paul Trowbridge <paul@hptrow.me>
Date: Thu, 7 Apr 2022 13:03:13 -0400
Subject: [PATCH] old file

---
 postgres/AD convo.md | 37 -------------------------------------
 1 file changed, 37 deletions(-)
 delete mode 100644 postgres/AD convo.md

diff --git a/postgres/AD convo.md b/postgres/AD convo.md
deleted file mode 100644
index 76de892..0000000
--- a/postgres/AD convo.md	
+++ /dev/null
@@ -1,37 +0,0 @@
-[mailing_list](https://www.postgresql.org/message-id/flat/CAHq%2BKHJOvZT8M-o_sE%2BQzqqBGnUjNubWo_rRmpHZyw5ZUuaseg%40mail.gmail.com)
-
-
-wouldn't that be Pg authing against the OS (pam) which in turn is forwarding to krb5? which seems like an extra added step
-
-sfrost [11:11 AM]
-it's basically this:
-ktpass -out postgres.keytab -princ
-POSTGRES/centos(at)MY(dot)TESTDOMAIN(dot)LAN -mapUser enterprisedb -pass XXXXXX
--crypto DES-CBC-MD5
-(except adjusted a bit to make it not use a shitty crypto)
-you use ktpass to create your keytab file
-copy the keytab file to the Linux box
-
-arossouw [11:12 AM]
-Seems like effort, i'll just play dumb on that one
-
-sfrost [11:12 AM]
-oh, gotta fix the princ too or whatever
-but it's not that hard
-and you might have to configure the realms, but not necessairly (that info is often in DNS already)
-then you just tell PG where the keytab file is, set gssapi in PG's hba.conf, and create your users using their princ names, like 'sfrost@SNOWMAN.NET'
-
-dtseiler [11:13 AM]
-I’m with @hunleyd, I’d love to see a great howto post on that.
-
-arossouw [11:14 AM]
-I suppose the question is what is the advantage of using kerberos, and then deciding if its worth spending time on
-
-sfrost [11:14 AM]
-I just wrote it
-^^^ see above
-also wrote the advantage...
-
-
-hunleyd [11:14 AM]
-maybe i'll try this as a 10% project some day
\ No newline at end of file