From: | jaime soler <jaime(dot)soler(at)gmail(dot)com> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | GSSAPI auth issue with windows 7 client, postgresql 9.2.3 linux server |
Date: | 2014-01-14 12:32:24 |
Message-ID: | 1389702744.9086.55.camel@turing |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Hi list,
I am able to successfully authenticate a Windows server AD user with
PostgreSQL 9.2.3 version from linux clients but It doesn't work with
Windows client.
First I logon windows 7, using a Active Directory's user, then I tried
to login to postgresql 9.2.3 server with psql:
psql -h hostname -p 5444
psql: SSPI continuation error: The encryption type requested is not
supported by the KDC. (80090342)
postgresql.log :
-1 log: connection received: host = 172.XXX.XXX.XXX port = 61877
-1FATAL: GSSAPI authentication failed for 'userXX' user
userXX exists in our postgresql server and pg_hba.conf applied to
172.XXX.XXX.XXX subnet is:
host all all 172.0.0.0/8 gss
Our postgresql.conf use keytab:
krb_server_keyfile = 'postgres.keytab'
And I have generated keytab with this ktpass command:
ktpass -out postgres.keytab -princ
postgres/hostname(at)domain -mapUser postgres -pass
XXX -crypto DES-CBC-MD5
The postgres user, exists in the Active Directory and it has a spn
defined:
C:\Users\Administrator>setspn -S postgres/hostname
domain\postgres
Checking domain DC=domain
Registering ServicePrincipalNames for CN=postgres,CN=Users,DC=domain
postgres/hostname
Updated object
If I login from a linux client to linux server, there is no problem:
[root(at)hostnane datos]# su - userXX
[userXX(at)hostname ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_503
Default principal: userXX(at)domain
Valid starting Expires Service principal
12/11/13 08:42:04 12/11/13 18:42:09 krbtgt/domain(at)domain
renew until 12/18/13 08:42:04
12/11/13 08:42:43 12/11/13 18:42:09 postgres/hostname(at)domain
renew until 12/18/13 08:42:04
[userXX(at)u2vbddpg ~]$ psql -h 172.XX.XX.XX
psql (9.2.1.3)
Type "help" for help.
edb=>
Thanks
From | Date | Subject | |
---|---|---|---|
Next Message | Andrey Nikitin | 2014-01-14 12:36:53 | Taking hot backup of slave node in postgres (master-slave config with repmgr) |
Previous Message | Gabriele Bartolini | 2014-01-14 10:52:54 | Re: Upgrading cluster with thousands of DBs |