You can configure database or Kerberos authentication method to connect to a PostgreSQL database.
Before you configure the connection properties, you need to keep the authentication details handy based on the authentication type that you want to use.
To configure database authentication, you need the user name, password, host name, port, and database name from your PostgreSQL account. To configure Kerberos authentication, you need the service principal name, host name, port, and database name from your PostgreSQL account.
To configure Kerberos authentication, you need to perform certain prerequisite tasks.
Prepare for Kerberos authentication
To connect to PostgreSQL databases with Kerberos authentication, place the required Kerberos configuration files on the Secure Agent machine.
When you configure Kerberos authentication to connect to PostgreSQL, consider the following guidelines:
•You can't use the Hosted Agent or serverless runtime environment.
•Ensure that the Secure Agent and database server that you use are registered in the KDC server.
•You can't add more than one KDC to a krb5.conf file.
•You can't generate a credential cache file for more than one Kerberos principal user.
•When you user Kerberos authentication on Windows, ensure that the user account that starts the Secure Agent service is available in the PostgreSQL database. You don't need to enter your credentials to access PostgreSQL.
Configuring Kerberos authentication
Before you use Kerberos authentication to connect to PostgreSQL on Linux or Windows, the organization administrator needs to perform the prerequisite tasks.
1To configure the Java Authentication and Authorization Service configuration file (JAAS), perform the following tasks:
aCreate a JAAS configuration file on the Secure Agent machine.
bAdd the following entries to the JAAS configuration file:
[realms] <REALM NAME> = { kdc = <Location where KDC is installed> admin_server = <Location where KDC is installed> } [domain_realm] <domain name or host name> = <Domain name or host name of Kerberos> <domain name or host name> = <Domain name or host name of Kerberos>
3Set the following environment variables on the Secure Agent machine.
5To generate the credential cache file on the Secure Agent machine and use Kerberos authentication to connect to PostgreSQL, perform the following tasks:
aFrom the command line on the Secure Agent machine, run the following command and specify the PostgreSQL user name and realm name:
Kinit <user name>@<realm_name>
bWhen prompted, enter the password for the Kerberos principal user.
Setting environment variables
To use Kerberos authentication to connect to PostgreSQL, you need to set the required environment variables on the Secure Agent machine.
Run the following commands to set the environment variables:
•setenv KRB5CCNAME <Absolute path and file name of the credentials cache file>
•setenv KRB5_CONFIG <Absolute path of the Kerberos configuration file>\krb5.conf
•setenv JAASCONFIG <Absolute path of the JAAS config file>\<File name>.conf
After you set the environmental variables, you need to restart the Secure Agent.
Alternatively, you can add the KRB5_CONFIG and JAASCONFIG environment variables when you create a PostgreSQL connection.
To add the environment variables when you configure a connection with Kerberos authentication, you need to add the KRB5_CONFIG and JAASCONFIG properties in the Additional Kerberos Properties field in a PostgreSQL connection.
For example, add the properties in the following format:
KRB5_CONFIG=<Absolute path of the Kerberos configuration file>\krb5.conf;JAASCONFIG=<Absolute path of the JAAS config file>\<File name>.conf
Note: Ensure that you separate each key-value pair with a semicolon.