|
Hello All, I am trying to configure PostgreSQL9.6 (On Centos 7.4) with Kerberos (Active Directory) via GSSAPI authentication and I’m getting the following error: [postgres@hostname data]$ psql -h hostname -U USERNAME@xxxxxxxxxx postgres psql: GSSAPI continuation error: Unspecified GSS failure. Minor code may provide more information GSSAPI continuation error: Server not found in Kerberos database I did the following configuration: 1.- Create KeyTab in Active Directory: ktpass -out postgres_instance.keytab -princ postgres/hostnamename.domain.com@xxxxxxxxxx -mapUser svcPostgres -pass <password> -crypto all -ptype KRB5_NT_PRINCIPAL 2.- Copy the keytab to Linux Server on $PGDATA and change the privileges to postgres:postgres 3.- Configure postgresql.conf krb_server_keyfile = '/<INSTANCA_NAME>/data/postgres_instance.keytab 4.- Configure /etc/krb5.conf 5.- Request a ticket to the KDC server using kinit (this work OK!) [postgres@hostname ~]$ klist Ticket cache: KEYRING:persistent:26:krb_ccache_AO0Y1kx Default principal: USERNAME@xxxxxxxxxx Valid starting Expires Service principal 01/30/2018 11:01:59 01/30/2018 21:01:59 krbtgt/DOMAIN.COM@xxxxxxxxxx renew until 02/06/2018 11:01:55 6.- Configure pg_hba.conf host all all 0.0.0.0/0 gss include_realm=1 7.- Create user in PG to test: create user “USERNAME@xxxxxxxxxx” WITH SUPERUSER; 8.- Testing [postgres@hostname data]$ psql -h hostname -U USERNAME@xxxxxxxxxx postgres psql: GSSAPI continuation error: Unspecified GSS failure. Minor code may provide more information GSSAPI continuation error: Server not found in Kerberos database I tried generate the Keytab with “postgres” and “POSTGRES” user as a SPN but I get the same error. Any suggestion is welcome! Thanks in advance for your help! Jorge |
