local kerberos authentication?

Поиск
Список
Период
Сортировка
От Peter Koczan
Тема local kerberos authentication?
Дата
Msg-id 4692DC2C.3080903@gmail.com
обсуждение исходный текст
Ответы Re: local kerberos authentication?
Re: local kerberos authentication?
Список pgsql-admin
Дерево обсуждения 
Hi all,

I would like to, but can't seem to get Kerberos working for local
connections.

Here are the last few lines of my pg_hba.conf

# TYPE  DATABASE    USER        IP-ADDRESS        IP_MASK           METHOD
local   all         all                                             krb5
hostssl all         all         128.105.0.0       255.255.0.0       krb5
hostssl all         all         198.133.224.0     255.255.255.0     krb5

Here's what trying to connect got me (first locally, then via the
network and SSL).

[koczan@mitchell(1)] ~ $ psql postgres
psql: FATAL:  missing or erroneous pg_hba.conf file
HINT:  See server log for details.
[koczan@mitchell(2)] ~ $ psql -h mitchell -p 5432 postgres
psql: FATAL:  missing or erroneous pg_hba.conf file
HINT:  See server log for details.

And here are the last few lines of the server log.

Jul  9 19:58:16 mitchell postgres[10730]: [2-1] LOG:  connection
received: host=mitchell.cs.wisc.edu port=53829
Jul  9 19:58:16 mitchell postgres[10730]: [3-1] LOG:  missing field in
file "/scratch.1/postgres/testing-8.2/pg_hba.conf" at end of line 69
Jul  9 19:58:16 mitchell postgres[10730]: [4-1] FATAL:  missing or
erroneous pg_hba.conf file
Jul  9 19:58:16 mitchell postgres[10730]: [4-2] HINT:  See server log
for details.
Jul  9 19:58:16 mitchell postgres[10731]: [2-1] LOG:  connection
received: host=mitchell.cs.wisc.edu port=53830
Jul  9 19:58:16 mitchell postgres[10731]: [3-1] LOG:  missing field in
file "/scratch.1/postgres/testing-8.2/pg_hba.conf" at end of line 69
Jul  9 19:58:16 mitchell postgres[10731]: [4-1] FATAL:  missing or
erroneous pg_hba.conf file
Jul  9 19:58:16 mitchell postgres[10731]: [4-2] HINT:  See server log
for details.

If I change the method to trust, it works, so it looks like krb5 isn't
supported for local connections, at least not on the surface. I'd also
like to get away from trust authentication because of the wonderful
security problems it entails.

Has anyone done this? Is this even possible? It's not a huge deal if it
can't be done, but I'd like to know.

Peter

В списке pgsql-admin по дате отправления: