Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal
От | Peter Koczan |
---|---|
Тема | Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal |
Дата | |
Msg-id | 4544e0330905271340h592749f9qb8e64c467c774fc3@mail.gmail.com обсуждение исходный текст |
Ответ на | Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal (Magnus Hagander <magnus@hagander.net>) |
Список | pgsql-bugs |
I don't know if it's much use now, but here you go. On Wed, May 27, 2009 at 3:15 PM, Magnus Hagander <magnus@hagander.net> wrote: > We are certainly *supposed* to do that. And we have been doing that. So > if that's not done, it's been broken in 8.4 (most likely by me). > > Peter, are you using gssapi or krb5? Only krb5 has changed wrt libpq, > but from your messages it looks like you have gssapi? gssapi > Can you show us your pg_hba.conf file, and all lines with krb in them > from postgresql.conf? pg_hba.conf # this part disables remote "postgres" superuser connections hostssl all postgres 127.0.0.1/32 gss hostssl all postgres 128.105.207.19/32 gss hostssl all postgres 128.105.0.0/16 reject hostssl all postgres 198.133.224.0/24 reject # this part enables non-superuser connections hostssl all nobody 128.105.0.0/16 trust hostssl all nobody 198.133.224.0/24 trust hostssl all all 128.105.0.0/16 gss hostssl all all 198.133.224.0/24 gss postgresql.conf # Kerberos and GSSAPI krb_server_keyfile = '/etc/v5srvtab.postgres' #krb_srvname = 'postgres' # (Kerberos only) #krb_caseins_users = off > Also, can you try it with the server set to log at DEBUG4, and let us > know what output you get? Connecting like this... [koczan@ator] koczan $ /s/postgresql-8.4-beta/bin/psql -h mitchell -p 49173 -U strivia postgres Produced this in the syslog. May 27 15:37:29 mitchell postgres[30574]: [624-1] DEBUG: forked new backend, pid=30609 socket=8 May 27 15:37:29 mitchell postgres[30609]: [624-1] LOG: connection received: host=ator.cs.wisc.edu port=44228 May 27 15:37:29 mitchell postgres[30609]: [625-1] DEBUG: SSL connection from "(anonymous)" May 27 15:37:29 mitchell postgres[30609]: [626-1] DEBUG: Processing received GSS token of length 477 May 27 15:37:29 mitchell postgres[30609]: [627-1] DEBUG: sending GSS response token of length 114 May 27 15:37:29 mitchell postgres[30609]: [628-1] DEBUG: sending GSS token of length 114 May 27 15:37:29 mitchell postgres[30609]: [629-1] LOG: provided username (koczan) and authenticated username (strivia) don't match May 27 15:37:29 mitchell postgres[30609]: [630-1] LOG: connection authorized: user=strivia database=postgres May 27 15:37:29 mitchell postgres[30609]: [631-1] DEBUG: postgres child[30609]: starting with ( May 27 15:37:29 mitchell postgres[30609]: [632-1] DEBUG: postgres May 27 15:37:29 mitchell postgres[30609]: [633-1] DEBUG: -v196608 May 27 15:37:29 mitchell postgres[30609]: [634-1] DEBUG: -y May 27 15:37:29 mitchell postgres[30609]: [635-1] DEBUG: postgres May 27 15:37:29 mitchell postgres[30609]: [636-1] DEBUG: ) May 27 15:37:29 mitchell postgres[30609]: [637-1] DEBUG: InitPostgres May 27 15:37:29 mitchell postgres[30609]: [638-1] DEBUG: my backend id is 1 May 27 15:37:29 mitchell postgres[30609]: [639-1] DEBUG: StartTransaction May 27 15:37:29 mitchell postgres[30609]: [640-1] DEBUG: name: unnamed; blockState: DEFAULT; state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children: May 27 15:37:29 mitchell postgres[30609]: [641-1] DEBUG: CommitTransaction May 27 15:37:29 mitchell postgres[30609]: [642-1] DEBUG: name: unnamed; blockState: STARTED; state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children: .... May 27 15:37:55 mitchell postgres[30574]: [625-1] DEBUG: reaping dead processes May 27 15:37:55 mitchell postgres[30574]: [626-1] DEBUG: server process (PID 30612) exited with exit code 0 May 27 15:38:24 mitchell postgres[30609]: [643-1] DEBUG: shmem_exit(0) May 27 15:38:24 mitchell postgres[30609]: [644-1] DEBUG: proc_exit(0) May 27 15:38:24 mitchell postgres[30609]: [645-1] LOG: disconnection: session time: 0:00:54.389 user=strivia database=postgres host=ator.cs.wisc.edu port=44228 May 27 15:38:24 mitchell postgres[30609]: [646-1] DEBUG: SSL: write alert (0x0100) May 27 15:38:24 mitchell postgres[30609]: [647-1] DEBUG: exit(0) May 27 15:38:24 mitchell postgres[30609]: [648-1] DEBUG: shmem_exit(-1) May 27 15:38:24 mitchell postgres[30609]: [649-1] DEBUG: proc_exit(-1) Peter
В списке pgsql-bugs по дате отправления:
Предыдущее
От: Magnus HaganderДата:
Сообщение: Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal