Hi all!
I have a problem with kerberizing PostgreSQL 9.1.1.
PostgreSQL and Kerberos installed at different computers in network. I'm using internal network in VirtualBox 4.1.6.
There are no firewalls on both machines.
So, let's see pg_hba.conf:
less /var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 192.168.100.0/24 krb5
And content of my postgresql.conf
# Kerberos and GSSAPI
krb_server_keyfile = '/var/lib/pgsql/data/krb5.keytab'
#krb_srvname = 'postgres' # (Kerberos only)
#krb_caseins_users = off
Pricipals in keytab file:
postgres/db.domain.int@xxxxxxxxxx
host/db.domain.int@xxxxxxxxxx
Passwords for principals in keytab randomly generated by kadmin.local during export to keytab.
User postgres is exists in database of course.
Now, let's try connect to postgres database through kerberos:
[postgres@localhost eugene]$ kinit postgres
Password for postgres@xxxxxxxxxx:
[postgres@localhost eugene]$ klist
Ticket cache: FILE:/tmp/krb5cc_481
Default principal: postgres@xxxxxxxxxx
Valid starting Expires Service principal
12/30/11 12:21:14 12/31/11 12:21:14 krbtgt/DOMAIN.INT@xxxxxxxxxx
renew until 01/06/12 12:21:14
All works good. Other services such as kerberized login for operating system works fine.
But if try connect to postgres database:
[postgres@localhost eugene]$ psql -h 192.168.100.10 -U postgres
psql: Kerberos 5 authentication rejected: Wrong principal in request
What I'am doing wrong? Any ideas? Questions?
Thanks in advance for your help.
---
Best regards,
Budanov Eugene
--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
