openpolitics.com

How to setup Windows Active Directory with PostgreSQL GSSAPI Kerberos Authentication

The first step in setting up a Windows Active Directory is to create a regular user account. The password can be anything but shouldn’t expire and it needs to be unique in the environment. In this instance, we’ll use pg1postgres.

Once the user account exists, we have to create a mapping between that user account and the service principal and create a keytab file. These steps can be combined using the Windows ktpass command, like so: