I've been trying this as well off and on. In my case I'm not convinced the AD configuration is correct (And someone else manages that).
Can you use kinit with the key tab options to get a good response from the server? I think I should be able to do this ..
$ kinit -V -k -t poe3b.keytab HTTP/poe3b.lab2k.net
kinit(v5): Preauthentication failed while getting initial credentials
kinit(v5): Preauthentication failed while getting initial credentials
I'd be interested to know if you get something different - and the steps you went through on the AD side.
Bryan.
On Fri, Jun 11, 2010 at 5:51 PM, <greigwise@xxxxxxxxxxx> wrote:
I'm trying to get my PostgreSQL server on Linux configured so that I can connect from a Windows client using GSS Authentication against Active Directory. I found some helpful references on how to do this, but I'm still coming up short. To summarize what I've done so far by way of configuration:
1) On the Linux server, setup my krb5.conf file such that I can get a ticket from AD using kinit and confirm using klist.
2) Setup a new account in AD and used ktpass to create a keytab file for the SPN.
3) Copied the keytab file onto my postgres server and updated my postgresql.conf file appropriately (set the krb_server_keyfile to point to the file I just created.)
Then I wrote a little test Perl program to connect to my postgres database.
use DBI;
use strict;
my $dbh = DBI->connect('DBI:Pg:dbname=postgres;host=host.domain.com;krbsrvname=POSTGRES') or die DBI->errstr;
When I try to run the Perl program I get this error:
DBI connect('dbname=postgres;host=host.domain.com;krbsrvname=POSTGRES')
failed: FATAL: accepting GSS security context failed
DETAIL: Miscellaneous failure: Unknown code ggss 3 at g.pl line 4
FATAL: accepting GSS security context failed
DETAIL: Miscellaneous failure: Unknown code ggss 3 at g.pl line 4
I then ramped up the debug logging on the postgres side and get this off the server:
2010-06-11 17:23:49 EDTDEBUG: 00000: Processing received GSS token of length 2119
2010-06-11 17:23:49 EDTLOCATION: pg_GSS_recvauth, auth.c:965
2010-06-11 17:23:49 EDTDEBUG: 00000: gss_accept_sec_context major: 851968, minor: -2045022973, outlen: 0, outflags: 7f
2010-06-11 17:23:49 EDTLOCATION: pg_GSS_recvauth, auth.c:984
2010-06-11 17:23:49 EDTFATAL: XX000: accepting GSS security context failed
2010-06-11 17:23:49 EDTDETAIL: Miscellaneous failure: Unknown code ggss 3
2010-06-11 17:23:49 EDTLOCATION: pg_GSS_error, auth.c:866
I'm using PostgreSQL 8.4.4 on Enterprise Linux 4.
Can anyone offer any suggestions?
Thanks in advance.
Greig
