|
Can postgres be configure for GSS/Kerberos authentication without a keyfile?
I have Kerberos working I compiled postgres with –with-gssapi I’ve setup the pg_hba.conf with gss and my IP address I’m not sure what to put in the postgres.conf
I can do a kinit buckwheat.johnson@SOME_EXAMPLE.COM – and it correctly validates against an AD server My klist is as follows ------------------------------------------- [root@mbr01 postgresql-9.1.3]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: buckwheat.johnson@SOME_EXAMPLE.COM
Valid starting Expires Service principal 04/04/12 08:41:28 04/04/12 15:21:28 krbtgt/SOME_EXAMPLE.COM@SOME_EXAMPLE.COM
Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached -----------------------------------------------------
I’m getting a error on the Linus CentOS server side FATAL: GSSAPI authentication failed for user "buckwheat.johnson"
The error I’m getting on my windoz client is psql: SSPI continuation error: The specified target is unknown or unreachable (80090303)
Do I have to set the “krb_server_keyfile” in the postgres.conf? If not do I have to set any krb5 postgres.conf parameters?
-- Eric (alias buckwheat) CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. Thank you |
