---------- Forwarded message ----------
From: rahimeh khodadadi <rahimeh.khodadadi@xxxxxxxxx>
Date: 2009/11/29
Subject: Re: psql+krb5
To: Denis Feklushkin <denis.feklushkin@xxxxxxxxx>
These items have added after my sending.
I repeat again my configurations:
2) Then, I created principal as " postgres/star@xxxxxxxxxxx " and its password is saved in '/usr/local/pgsql/data/postgresql.keytab' .
(star is localhost IP, but in hosts.conf I configure like: 213.233.169.93 star)
3) I setup postgresql.conf as below:
krb_server_keyfile = '/usr/local/pgsql/data/
From: rahimeh khodadadi <rahimeh.khodadadi@xxxxxxxxx>
Date: 2009/11/29
Subject: Re: psql+krb5
To: Denis Feklushkin <denis.feklushkin@xxxxxxxxx>
These items have added after my sending.
I repeat again my configurations:
1) The configuration of krb5.conf is:
[realms]
EXAMPLE.COM ={.....[realms]
2) Then, I created principal as " postgres/star@xxxxxxxxxxx " and its password is saved in '/usr/local/pgsql/data/postgresql.keytab' .
(star is localhost IP, but in hosts.conf I configure like: 213.233.169.93 star)
3) I setup postgresql.conf as below:
krb_server_keyfile = '/usr/local/pgsql/data/
postgresql.keytab'
krb_srvname = 'postgres/star@xxxxxxxxxxx'
krb_server_hostname = 'star' # empty string matches any keytab entry
krb_caseins_users = off
4) I create user "frank" in Psql .
5) Then I set up hba.conf :
host all all 0.0.0.0/0 krb5
host all all 127.0.0.1/32 krb5
When I want to connect to Postgresql, it gives error.
# kinit frank
[root@star bin]# ./psql -h star -U frank -d test
psql: krb5_sendauth: Bad application version was sent (via sendauth)
krb_srvname = 'postgres/star@xxxxxxxxxxx'
krb_server_hostname = 'star' # empty string matches any keytab entry
krb_caseins_users = off
4) I create user "frank" in Psql .
5) Then I set up hba.conf :
host all all 127.0.0.1/32 krb5
When I want to connect to Postgresql, it gives error.
# kinit frank
[root@star bin]# ./psql -h star -U frank -d test
psql: krb5_sendauth: Bad application version was sent (via sendauth)
I should mention that both postgresql server and krb-server are in same system and my IP is acquring from dhcp server of university. Where is wrong.
2009/11/29 Denis Feklushkin <denis.feklushkin@xxxxxxxxx>
On Sun, 29 Nov 2009 14:23:52 +0330
> Thanks for your replying. My detail of configuration is:> EXAMPLE.COM <http://example.com/><http://EXAMPLE.COM
>
> I try to setup kerberos authentication in Postgresql 8.1.18 on centos.
>
> But I have some problem.
>
> 1) The configuration of krb5.conf is:
> [realms]
> <http://example.com/>> ={
^^^^^^^^^^^^^^^^ !!!>
> kdc=star :88
> admin_server=star:749
> default_domain= example.com<http://example.com
> >
> > >
> > }
> > .....
> >
> > 2) Then, I created principal as " postgres/star@xxxxxxxxxxx<mailto:
> > star@xxxxxxxxxxx> " and its password is saved in
> > '/usr/local/pgsql/data/postgresql.keytab' .
> >
> >
> > (star is localhost IP, but in hosts.conf I configure like:
> > 213.233.169.93 star)
> >
> > 3) I setup postgresql.conf as below:
> >
> > krb_server_keyfile = '/usr/local/pgsql/data/
> > postgresql.keytab'
> > krb_srvname = 'postgres/star@xxxxxxxxxxx<mailto:star@xxxxxxxxxxx>'
> >
> > krb_server_hostname = 'star' # empty string matches any
> > keytab entry
> > krb_caseins_users = off
> >
> > 4) I create user "frank" in Psql .
> >
> > 5) Then I set up hba.conf :
> >
> > host all all 0.0.0.0/0<http://0.0.0.0/0>
> > krb5
> > host all all 127.0.0.1/32<http://127.0.0.1/32>
> > krb5
> >
> >
> > When I want to connect to Postgresql, it gives error.
> >
> > # kinit frank
> >
> > [root@star bin]# ./psql -h star -U frank -d test
> >
> > psql: krb5_sendauth: Bad application version was sent (via sendauth)
> >
>
> some changes in users gives below error :
> "[root@www bin]# ./psql -h 213.233.168.249 -U postgres
> psql: Kerberos 5 authentication rejected: Wrong principal in
> request"
>
>
> > I should mention that both postgresql server and krb-server are in
> > same system and my IP is acquring from dhcp server of university.
> > Where is wrong.
> >
>
>
>
> 2009/11/29 Denis Feklushkin <denis.feklushkin@xxxxxxxxx>
>
> > On Sun, 29 Nov 2009 10:48:30 +0330
> > rahimeh khodadadi <rahimeh.khodadadi@xxxxxxxxx> wrote:
> >
> > > Hi,
> > >
> > > When I want to connect to psql via krb5 in Linux, it gives me
> > > error like: "[root@www bin]# ./psql -h 213.233.168.249 -U
> > > postgres psql: Kerberos 5 authentication rejected: Wrong
> > > principal in request"
> >
> > Что в логах KDC?
И ещё, в тексте который Вы дали встречаются пробелы в именах
принципалов и странные записи "<mailto:star@xxxxxxxxxxx>"
При настройке важно чтобы ничего этого небыло
--
With Best Regards
Miss.KHodadadi
With Best Regards
Miss.KHodadadi
--
With Best Regards
Miss.KHodadadi
