[rt-users] database authentication (as in RT_SiteConfig.pm) using a kerberos principal

Natxo Asenjo natxo.asenjo at gmail.com
Sat Jun 23 10:49:25 EDT 2012


Using postgresql (or oracle possibly) it is possible to use kerberos/gssapi
to log in the database.

If I create a kerberos service principal rt/myserver.domain.tld/MYREALM.TLD
I can login the postgresql database with a keytab for this principal.

How can I tell the request tracker application it has to use this keytab
instead of setting a username/password in clear text in a config file? This
would be a huge security improvement IMO.

With other apps I can use the KRB5CCNAME variable to specify where the
ticket cache file is and use that.

Could something like this be possible?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120623/da4d9c2a/attachment.htm>

More information about the rt-users mailing list