Search Postgresql Archives

Logon via GSSAPI from Linux fails, but works from Windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello all

We have our analysis users log on to Postgres without a password. Instead we rely on their Windows identity. 

When the Postgres server is on Windows, we use SSPI. Works great. 

When the Postgres server is on Linux, we use GSSAPI. Works great.

Now, we are introducing Linux for analysts to run their Python/R/SQL/whatever. 

They log onto Linux using their Windows identity. The Linux analysis servers are joined to the Windows domain using sssd. 

This gives us a headache. Logging onto Postgres without a password does not immediately work when the Windows user is logged onto a Linux server with their Windows credentials. 

Linux is Ubuntu 22.04 on the client side, Ubuntu 20.04 on the Postgres server side. Postgres server version is server 14.2 (Ubuntu 14.2-1.pgdg20.04+1). psql client is psql (PostgreSQL) 14.2 (Ubuntu 14.2-1ubuntu1).

What happens is this

yyy@srvpython8:~$ psql service=bigdata_db1
psql: error: connection to server at "srvpostgres4.xxx.local" (172.30.33.30), port 1609 failed: could not initiate GSSAPI security context: Unspecified GSS failure.  Minor code may provide more information: Server not found in Kerberos database
connection to server at "srvpostgres4.xxx.local" (172.30.33.30), port 1609 failed: GSSAPI continuation error: Unspecified GSS failure.  Minor code may provide more information: Server not found in Kerberos database
yyy@srvpython8:~$

The Postgres server log has this. 

2022-05-13 18:14:01.140 CEST,,,474093,"172.30.32.213:33554",627e83c9.73bed,1,"",2022-05-13 18:14:01 CEST,,0,LOG,00000,"connection received: host=172.30.32.213 port=33554",,,,,,,,,"","not initialized",,0
2022-05-13 18:14:01.159 CEST,,,474094,"172.30.32.213:33556",627e83c9.73bee,1,"",2022-05-13 18:14:01 CEST,,0,LOG,00000,"connection received: host=172.30.32.213 port=33556",,,,,,,,,"","not initialized",,0
2022-05-13 18:14:01.176 CEST,"yyy","db1",474094,"172.30.32.213:33556",627e83c9.73bee,2,"authentication",2022-05-13 18:14:01 CEST,2/14544,0,FATAL,28000,"GSSAPI authentication failed for user ""yyy""","Connection matched pg_hba.conf line 15: ""host    all             all             172.0.0.0/8             gss map=xxxlocal include_realm=0 krb_realm=""XXX.LOCAL""""",,,,,,,,"","client backend",,-3382135431624836920

Are we forgetting to set something up? 

Regards Niels Jespersen
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux