Hi to all,
Actually I try to authenticate my Linux Postgres installation against Active
Directory, I find 3 solution to use:
1) LDAP
2) Pam and Kerberos
3) Kerberos alone
The first require the modification of the active directory schema, and I
prefer to avoid such responsibility.
For the 2 kerberos solution I don't find to much documentation, I try to
compile postgres with kerberos using this configure flag:
--with-krb5=/usr/
--with-includes=/usr/include/
--with-libraries=/usr/lib/
My kerberos installation is in
/usr/bin and /usr/sbin for the binary
/usr/lib/ libkrb5.* e libk5crypto.so
and libkadm5
/usr/include/ krb5.h heaser file
But seems that I miss something because when I put the krb5 word in the
pg_hba.conf and I try to connect the system give me the error:
psql -U postgres -d template1 -h 192.168.0.205
psql: Kerberos 5 authentication failed
--from the system log--
postgres[26793]: [2-1] LOG: Kerberos recvauth returned error 103
postgres[26793]: [3-1] FATAL: Kerberos5 authentication failed for user
"postgres"
postgres[26795]: [2-1] LOG: Kerberos recvauth returned error 103
postgres[26795]: [3-1] FATAL: Kerberos5 authentication failed for user
"postgres@xxxxxxxxxxx"
--from the postgres log--
postgres: Software caused connection abort from krb5_recvauth
I also create with KTPASS a principal for the windows user POSTGRES and put
it in the keytab file that the configure script search for.
The kinit utility work well for any user I try to use.
After this not enthusiastics result I try with PAM and postgres (I just have
another installation that work well with pam-ldap), and sounds good, now I'm
able to authenticate the postgres user but not my and other user.
--system log--
postgres[26991]: pam_krb5: pam_sm_authenticate(postgresql ronzanid): entry:
postgres[26991]: pam_krb5: pam_sm_authenticate(postgresql ronzanid):
get_user_info(): Conversation error
postgres[26991]: pam_krb5: pam_sm_authenticate(postgresql ronzanid): exit:
failure
postgres[26991]: [2-1] LOG: pam_authenticate failed: Error in service
module
postgres[26991]: [3-1] FATAL: PAM authentication failed for user "ronzanid"
postgres[26992]: pam_krb5: pam_sm_authenticate(postgresql ronzanid): entry:
postgres[26992]: pam_krb5: pam_sm_authenticate(postgresql ronzanid):
getpwnam():
postgres[26992]: pam_krb5: pam_sm_authenticate(postgresql ronzanid): exit:
failure
postgres[26992]: [2-1] LOG: pam_authenticate failed: User not known to the
underlying authentication module
postgres[26992]: [3-1] FATAL: PAM authentication failed for user "ronzanid"
I hope someone can help, any hint, useful web pages, or documentation is
very appreciate.
Thanks in advance
Dario
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
