PG 8.3 and kerberos failures
От | Peter Koczan |
---|---|
Тема | PG 8.3 and kerberos failures |
Дата | |
Msg-id | 4544e0330804170940j45035b17s42071d7b2358ae80@mail.gmail.com обсуждение исходный текст |
Ответы |
Re: PG 8.3 and kerberos failures
("Peter Koczan" <pjkoczan@gmail.com>)
|
Список | pgsql-admin |
Hi all, I just upgraded one of my servers and I'm having a bit of trouble getting some of the kerberos authentication bits working. Specifically, any Kerberos instance run out of a v5srvtab doesn't work so well. Using stashed tickets or normal principals worked fine. Gritty details follow. Peter Here are details from the specific v5srvtab's... [root@sensei postgres]# klist -k -t /etc/v5srvtab.wsbackup Keytab name: FILE:/etc/v5srvtab.wsbackup KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 13 12/20/07 15:56:11 wsbackup/sensei.cs.wisc.edu@CS.WISC.EDU [root@sensei postgres]# klist -k -t /etc/v5srvtab Keytab name: FILE:/etc/v5srvtab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 13 12/20/07 15:56:11 host/sensei.cs.wisc.edu@CS.WISC.EDU 13 12/20/07 15:56:11 rcmd/sensei.cs.wisc.edu@CS.WISC.EDU 13 12/20/07 15:56:11 telnet/sensei.cs.wisc.edu@CS.WISC.EDU 13 12/20/07 15:56:11 ftp/sensei.cs.wisc.edu@CS.WISC.EDU 13 12/20/07 15:56:11 pop/sensei.cs.wisc.edu@CS.WISC.EDU 13 12/20/07 15:56:11 wsbackup/sensei.cs.wisc.edu@CS.WISC.EDU 12 12/20/07 15:56:11 auth/sensei.cs.wisc.edu@CS.WISC.EDU 8 12/20/07 15:56:11 postgres/sensei.cs.wisc.edu@CS.WISC.EDU Here's the error from the syslog... Apr 17 11:18:39 sensei postgres[4486]: [3-1] LOG: connection received: host=mitchell.cs.wisc.edu port=56925 Apr 17 11:18:39 sensei postgres[4486]: [4-1] LOG: unexpected Kerberos user name received from client (received "wsbackup", expected "wsbackup/mitchell.cs.wisc.edu") Apr 17 11:18:39 sensei postgres[4486]: [5-1] FATAL: Kerberos 5 authentication failed for user "wsbackup" Apr 17 11:18:39 sensei postgres[4488]: [3-1] LOG: connection received: host=mitchell.cs.wisc.edu port=56926 Apr 17 11:18:39 sensei postgres[4488]: [4-1] FATAL: no pg_hba.conf entry for host "128.105.207.19", user "wsbackup", database "sushi", SSL off Here's the relevant bit from my pg_hba.conf. For compatibility, I'm using krb5 instead of gss until everything is upgraded from 8.2. If using gss authentication will work, please let me know. hostssl all all 128.105.0.0/16 krb5 hostssl all all 198.133.224.0/24 krb5 And from postgresql.conf... # - Security & Authentication - #authentication_timeout = 1min # 1s-600s ssl = on # (change requires restart) #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # Allowed SSL ciphers # (change requires restart) #password_encryption = on krb_realm = 'CS.WISC.EDU' #db_user_namespace = off # Kerberos and GSSAPI krb_server_keyfile = '/etc/v5srvtab.postgres' # (change requires restart) #krb_srvname = 'postgres' # (change requires restart, kerberos onl y) #krb_server_hostname = '' # empty string matches any keytab entry # (change requires restart, kerberos onl y) #krb_caseins_users = off # (change requires restart)
В списке pgsql-admin по дате отправления:
Предыдущее
От: "Mikko Partio"Дата:
Сообщение: Re: FATAL: could not open relation xxx: No such file or directory