PostgreSQL Kerberos Authentication

From HIRTZ Jorge Alberto TENARIS
Subject PostgreSQL Kerberos Authentication
Date
Msg-id C911CF65C193334EADACFA5AE9AB3D4DBBEF0FE4@SIDARWEX100.tenaris.techint.net
Replies Re: PostgreSQL Kerberos Authentication  (Poul Kristensen <bcc5226@gmail.com>)
Re: PostgreSQL Kerberos Authentication  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
List pgsql-general

Hello All,

I am trying to configure PostgreSQL 9.6 (on CentOS 7.4) with Kerberos (Active Directory) via GSSAPI authentication and I’m getting the following error:

[postgres@hostname data]$ psql  -h hostname -U USERNAME@DOMAIN.COM postgres
psql: GSSAPI continuation error: Unspecified GSS failure.  Minor code may provide more information
GSSAPI continuation error: Server not found in Kerberos database

I did the following configuration:

1.- Create KeyTab in Active Directory:

ktpass -out postgres_instance.keytab -princ postgres/hostnamename.domain.com@DOMAIN.COM -mapUser svcPostgres -pass <password> -crypto all -ptype KRB5_NT_PRINCIPAL

2.- Copy the keytab to Linux Server on $PGDATA and change the privileges to postgres:postgres

3.- Configure postgresql.conf

krb_server_keyfile = '/<INSTANCA_NAME>/data/postgres_instance.keytab'

4.- Configure /etc/krb5.conf

5.- Request a ticket to the KDC server using kinit (this works OK!)

[postgres@hostname ~]$ klist
Ticket cache: KEYRING:persistent:26:krb_ccache_AO0Y1kx
Default principal: USERNAME@DOMAIN.COM

Valid starting       Expires              Service principal
01/30/2018 11:01:59  01/30/2018 21:01:59  krbtgt/DOMAIN.COM@DOMAIN.COM
        renew until 02/06/2018 11:01:55

6.- Configure pg_hba.conf

host    all            all                                                0.0.0.0/0          gss include_realm=1

7.- Create user in PG to test:

create user "USERNAME@DOMAIN.COM" WITH SUPERUSER;

8.- Testing

[postgres@hostname data]$ psql  -h hostname -U USERNAME@DOMAIN.COM postgres
psql: GSSAPI continuation error: Unspecified GSS failure.  Minor code may provide more information
GSSAPI continuation error: Server not found in Kerberos database

I tried generating the keytab with “postgres” and “POSTGRES” user as an SPN but I get the same error.

Any suggestion is welcome!

Thanks in advance for your help!

Jorge
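
An added example, not part of the original post: a shell check that builds the service principal a libpq client requests from the KDC and looks for it among the principals listed by `klist -k` for the server keytab, which is the comparison to make when the KDC answers "Server not found in Kerberos database". The `klist -k` output is a constructed sample using the names from the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `klist -k` output for the keytab from step 1 (one row
# per encryption type). On a real server use: klist -k /path/to/keytab
SAMPLE_KLIST='Keytab name: FILE:postgres_instance.keytab
KVNO Principal
---- ------------------------------------------------------------
   3 postgres/hostnamename.domain.com@DOMAIN.COM
   3 postgres/hostnamename.domain.com@DOMAIN.COM'

# libpq requests <krbsrvname>/<host>@<realm>: krbsrvname defaults to
# "postgres" and <host> is the -h value after any DNS canonicalisation
# done by the Kerberos library (assumed already applied to HOST here).
requested_spn() {    # usage: requested_spn HOST REALM [SRVNAME]
    printf '%s/%s@%s\n' "${3:-postgres}" "$1" "$2"
}

# Unique principals in klist -k output: rows whose first field is a KVNO.
keytab_principals() {    # usage: keytab_principals KLIST_OUTPUT
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ { print $2 }' | sort -u
}

# Prints match, case-mismatch or missing for SPN against klist -k output.
check_spn() {    # usage: check_spn SPN KLIST_OUTPUT
    want=$1
    want_lc=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
    result=missing
    for p in $(keytab_principals "$2"); do
        p_lc=$(printf '%s' "$p" | tr '[:upper:]' '[:lower:]')
        if [ "$p" = "$want" ]; then
            result=match
            break
        elif [ "$p_lc" = "$want_lc" ]; then
            result=case-mismatch
        fi
    done
    printf '%s\n' "$result"
}

# Short name as typed after -h in the post, then the FQDN given to ktpass.
for host in hostname hostnamename.domain.com; do
    spn=$(requested_spn "$host" DOMAIN.COM)
    printf '%-46s %s\n' "$spn" "$(check_spn "$spn" "$SAMPLE_KLIST")"
done
```

On a live client, `kvno postgres/<host>@<REALM>` (placeholders) asks the KDC for the same service ticket directly and reports the same error when the principal is unknown.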

 
