The following bug has been logged online:
Bug reference: 5958
Logged by: jack liu
Email address: liubin0123@gmail.com
PostgreSQL version: 8.4.6
Operating system: windows xp sp3,redhat Enterprise 5
Description: Connection error when authentication is kerberos
Details:
Hi,there
I meet an error about authication is kerberos in windows.
and i try to use the newest version 9.0.3,this error reappear.
so i guess this may be a bug.
i use two pc about this experiment.
pc1: Kerberos server(KDC) ip:192.168.8.243
pc2: postgres.exe and psql ip:192.168.1.27
pc1 is a RedHat enterprise 5 linux,for issue TGT and ticket to pc2's
postgres and psql,and i can success get a TGT by user mit's
kerberos tools packet.
pc2 is a windows xp3 workstation,and i modify the file pg_hba.conf like
that:
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 192.168.0.0/16 krb5
# IPv6 local connections:
#host all all ::1/128 trust
and i also modify postgresql.conf
krb_server_keyfile = 'D:/pg_debug/etc/kadm5.keytab'
kadm5.keytab is a key table that copy from KDC server by
kadmin.local:ktadd -k kadm5.keytab postgres/test.example.com
step 1: start postgres:
postgres.exe -D ../data -h 192.168.1.27
step 2: get a database user's TGT
kinit -5 jack
step 3: psql to postgres's database test
psql -U jack -h 192.168.1.27 test
then,the error appear:
postgres:
--------------------------------------------
LOG: Kerberos recvauth returned error 10035
postgres: operations on nonblocking sockets that cannot be completed
immediately.from krb5_recvauth
FATAL: Kerberos 5 authentication failed for user "jack"
--------------------------------------------
psql:
--------------------------------------------
psql: krb5_sendauth:An existing connection was forcibly closed by the remote
host
--------------------------------------------
and i search msdn error number pages:
http://msdn.microsoft.com/en-us/library/ms740668(v=vs.85).aspx
postgres's error number :10035 WSAEWOULDBLOCK
psql's error number:10054 WSAECONNRESET
i guess server's socket setting is block however client socket is
non-block,but i search fe-auth.c
and found in pg_krb5_sendauth() there have a pg_set_block(conn->sock).
the error does not exist while postgres and psql run in linux environment.
Is that problem did not handle it in windows?