PostgreSQL – Set Windows Authentication


I'm trying to set Windows authentication for a postgres server.

The process is not well documented, which makes the whole thing obscure.

I found this doc but it is quite unclear.

In the necessary steps, the doc says that you need to create a domain user. Yet in the screenshot, it says DomainServiceAccount.


Once you've created the domain user and set your postgres service to run with the domain user, you need to create a Service Principal Name for your service account with the following command line on the AD server:

setspn -S POSTGRES/[fully.qualified.domain.name] DOMAIN\[service_account_name]

My questions are the following:

  • Is service_account_name = DomainServiceAccount = Domain user?
  • If my first question is correct, and I create a user called SuperPostgres, set the service as mentioned in the doc with the user SuperPostgres, create an SPN with the setspn command line and set the relevant role as mentioned in the doc, is it certain that Postgres will allow an AD user like AndyKw to connect to the postgres db?

Best Answer

Yes

Service_account_name = DomainServiceAccount = Domain user

A service account is actually a domain user, just with some extra settings like "no interactive login" and "password does not expire". Dunno why they would use "DomainServiceAccount" too. It's just Service_account_name.

Is it certain? Just have to test, but it looks usual for non-Windows applications (Atlassian does the same, and I have other Java apps that have AD authentication too).
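
An added example, not part of the original question or answer: a PowerShell check that the SPN from the setspn command above is registered to the service account and to no other object, run before testing a login. The host name, the EXAMPLE domain and the `Test-PostgresSpn` helper are hypothetical, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example. Placeholder values (assumptions): pgserver.example.local, EXAMPLE, SuperPostgres.
# Requires the ActiveDirectory module and rights to write the account's SPNs.
Import-Module ActiveDirectory

function Test-PostgresSpn {
    param(
        [Parameter(Mandatory)] [string] $HostFqdn,    # FQDN clients use to reach PostgreSQL
        [Parameter(Mandatory)] [string] $SamAccount   # service account name without the domain
    )
    $spn = "POSTGRES/$HostFqdn"

    # Every object in the current domain that holds this SPN.
    # A duplicate SPN makes Kerberos ticket requests for the service fail.
    $holders = @(Get-ADObject -Filter "servicePrincipalName -eq '$spn'" -Properties sAMAccountName)

    if ($holders.Count -eq 0) {
        $state = 'Missing'
    } elseif ($holders.Count -eq 1 -and $holders[0].sAMAccountName -eq $SamAccount) {
        $state = 'Ok'
    } else {
        $state = 'Conflict'   # duplicated, or owned by a different account
    }

    [pscustomobject]@{ Spn = $spn; State = $state; Holders = $holders.sAMAccountName }
}

$domain  = 'EXAMPLE'
$account = 'SuperPostgres'
$check   = Test-PostgresSpn -HostFqdn 'pgserver.example.local' -SamAccount $account

switch ($check.State) {
    # -S refuses to add the SPN if it already exists elsewhere.
    'Missing'  { & setspn.exe -S $check.Spn "$domain\$account" }
    'Conflict' { Write-Warning "$($check.Spn) is held by: $($check.Holders -join ', ')" }
    'Ok'       { Write-Output "$($check.Spn) is registered to $account only" }
}

# Account the PostgreSQL service runs as. Run this on the database server;
# the 'postgresql%' service-name pattern is an assumption about the install.
Get-CimInstance Win32_Service -Filter "Name LIKE 'postgresql%'" |
    Select-Object Name, StartName
```

`StartName` should show the same domain user that holds the SPN; if the service still runs under a local account, the SPN registered on the domain user is not the identity the server presents.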