Hi! Wherever your pg_ctl command sets the logfiles, or syslog if you use syslog etc. (Note that you still need to define the user in PostgreSQL as well, but that shoudl give a different error message) //Magnus > -----Original Message----- > From: koppelp@xxxxxxxxxxxxx [mailto:koppelp@xxxxxxxxxxxxx] > Sent: den 17 november 2006 23:18 > To: Magnus Hagander > Subject: RE: [GENERAL] kerberos authentication error with > Windows 2003 SP1 AD > > HI Magnus- > > Thanks for your reply. Which error log in postgres should I > look at? Do I need to configure postgres to add more detailed > logging? Thanks again for your help. > > Please include my email address in your reply. > > -- pk > > Inactive hide details for "Magnus Hagander" > <mha@xxxxxxxxxxxxxx>"Magnus Hagander" <mha@xxxxxxxxxxxxxx> > > > > > "Magnus Hagander" <mha@xxxxxxxxxxxxxx> > > 11/14/2006 10:22 AM > > > > To > > <koppelp@xxxxxxxxxxxxx>, <pgsql-general@xxxxxxxxxxxxxx> > > > cc > > > > > Subject > > RE: [GENERAL] kerberos authentication error with Windows 2003 SP1 AD > > > > My operating system is Red Hat Linux AS 4, Kerberos 5, with > > postgresql-7.4.14 that I compiled. I can authenticate using > ssh, su, > > console login, and also have gotten apache mod_auth_kerb to > work with > > AD - but I am missing something with postgresql. When I try: > > > > [pkoppe01@ipswich ~]$ /usr/local/pgsql/bin/psql -d test -h ipswich > > psql: Kerberos 5 authentication failed > > > > For the configure step, I did (needed the include statement > to prevent > > an error about comm_err.h): > > > > [koppel@ipswich postgresql-7.4.14]$ ./configure --with-java > > --with-krb5 --with-includes=/usr/include/et > > > > The make proceeded normally. > > > > My pg_hba.conf looks like this (with pkoppe01 defined in Active > > Directory but not defined in postgres using "createuser") > > > > local all all trust > > host test pkoppe01 192.168.1.0 255.255.255.0 krb5 > > > > Also have "tcpip_socket = true" and the postgres keytab > referenced in > > postgresql.conf and the keytab file itself owned by postgres. > > > > When I try the psql command above (as pkoppe01) I do get > the service > > ticket for postgres: > > > > [pkoppe01@ipswich ~]$ klist > > Ticket cache: FILE:/tmp/krb5cc_501_LCzZ1P Default principal: > > pkoppe01@xxxxxxxxxxx > > > > Valid starting Expires Service principal > > 11/13/06 11:17:25 11/13/06 21:17:28 > > krbtgt/PRIVATE.LAN@xxxxxxxxxxx renew until 11/14/06 11:17:25 > > 11/13/06 11:19:02 11/13/06 21:17:28 > > postgres/ipswich.private.lan@xxxxxxxxxxx > > renew until 11/14/06 11:17:25 > > > > Any ideas would be greatly appreciated. Thanks in advance. > > Please feel free to email me directly as I just joined the list and > > don't know my way around yet. > > The server log from postgresql should give some more information. > > //Magnus > > >
