The PostgreSQL 9.0 Reference Manual - Volume 3 - Server Administration Guide by The PostgreSQL Global Development Group Paperback (6"x9"), 274 pages ISBN 9781906966072 RRP £9.95 ($14.95) Sales of this book support the PostgreSQL project! Get a printed copy>>>

PostgreSQL 9.0 Reference Manual Volume 3 Buy the book here! >>> support free documentation

5.3.4 SSPI authentication

SSPI is a Windows technology for secure authentication with single sign-on. PostgreSQL will use SSPI in negotiate mode, which will use Kerberos when possible and automatically fall back to NTLM in other cases. SSPI authentication only works when both server and client are running Windows.

When using Kerberos authentication, SSPI works the same way GSSAPI does; see section 5.3.3 GSSAPI authentication for details.

The following configuration options are supported for SSPI:

include_realm

If set to 1, the realm name from the authenticated user principal is included in the system user name that's passed through user name mapping (section 5.2 User name maps). This is useful for handling users from multiple realms.

map

Allows for mapping between system and database user names. See section 5.2 User name maps for details.

krb_realm

Sets the realm to match user principal names against. If this parameter is set, only users of that realm will be accepted. If it is not set, users of any realm can connect, subject to whatever user name mapping is done.