Hello PG Admins,
I am new to postgres and also to the list. I am glad I found this domain list for help.
I am setting up streaming replication using Virtaul IP.
Server1 is primary which has its own server IP address
Server2 is standby which has its own server IP address
We created a virtual IP (say pgvip) which is different from server IPs. This IP will move between server1 and server2 to help provide application transparency. Application uses “pgvip”, so when the standby is converted to serve as primary, we move the virtual IP from server1 to server2 and simply bring up the application with no changes. That is the idea.
Everything works fine EXCEPT Kerberos client authentication. We put both server key (postgres/server1@fnal.gov) and VIP key (postgres/pgvip@fnal.gov) in the keytab but it still doesn’t work. When I specify physical hostname in the connect string of the client, Kerberos is able to authenticate. But when “pgvip” is used it fails.
Following is what I have in my postgresql.conf:
krb_server_keyfile = '/home/postgres/krb5/keytab'
krb_srvname = 'postgres’
I also tried krb_server_hostname in pg_hba file as below. It didn’t work either. May be this is supposed to work but it may be wrong syntactically.
host all mnunna 0.0.0.0/0 krb5 krb_server_hostname='minos-ecl-pgvip'
Please help. Is what we are trying supported in postgres? If so, please help me point in the right direction.
Thanks in advance for your help!
Murthy Nunna