From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
Cc: | rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com>, PG-General Mailing List <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Fwd: psql+krb5 |
Date: | 2009-12-02 01:45:56 |
Message-ID: | 20091202014556.GS17756@tamriel.snowman.net |
Lists: | pgsql-docs pgsql-general pgsql-hackers pgsql-odbc |
* Craig Ringer (craig(at)postnewspapers(dot)com(dot)au) wrote:
> I've dropped all your cross-posts; this is just going to PgSQL-general.

Thanks for that.

> On 30/11/2009 3:29 PM, rahimeh khodadadi wrote:
>
>> psql: *krb5_sendauth: Bad application version was sent (via sendauth)*
>
> Also: a search for your error message finds this post, which, while
> related to a Windows kerberos server, seems to apply:

It's the same kind of issue (wrong service name), but I think the real
problem is this:

    krb_srvname = 'postgres/star@EXAMPLE.COM'

The documentation, I think, is pretty clear:

http://www.postgresql.org/docs/8.4/interactive/auth-methods.html#KERBEROS-AUTH

    PostgreSQL operates like a normal Kerberos service. The name of the
    service principal is servicename/hostname@realm.

    servicename can be set on the server side using the krb_srvname
    configuration parameter

The above should just be:

    krb_srvname = 'postgres'

Or, better, just removed. Unless you're running under a Microsoft
Active Directory Kerberos environment, the default should 'just work'.

Additionally, this is also almost certainly wrong:

    krb_server_hostname = 'star'

Again, referring to the same documentation:

    hostname is the fully qualified host name of the server machine.

You really should have a proper FQDN set for this system. I would also
recommend using a real domain rather than 'EXAMPLE.COM'. Also, I didn't
see the version of PostgreSQL, but if you're using something recent your
auth method should really be 'gss' instead of 'krb5'.

> I don't know much about Kerberos, nor I suspect do all that many people
> on the list, so I can't be of any more help.

Unfortunately, I don't pay as close attention to the lists as I wish I
could. Kerberos with PG is actually a solution I typically recommend.

Thanks,

Stephen
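
The three checks from the message above, as an added example that is not part of the original e-mail or of PostgreSQL: it parses the quoted settings, composes the servicename/hostname@realm principal they imply, and reports each problem. The function names, the realm argument, the pg_hba method argument and the corrected host name `star.example.org` are assumptions made for illustration.

```python
import re

# Constructed sample: the two postgresql.conf settings quoted in the thread.
SAMPLE_CONF = """
krb_srvname = 'postgres/star@EXAMPLE.COM'   # as posted
krb_server_hostname = 'star'                # as posted
"""

# Constructed corrected form; star.example.org is a hypothetical FQDN.
# krb_srvname is left out so the server default applies.
FIXED_CONF = """
krb_server_hostname = 'star.example.org'
"""

SETTING = re.compile(r"^\s*(\w+)\s*=\s*'([^']*)'")


def parse_conf(text):
    """Return {name: value} for single-quoted settings; comment lines are skipped."""
    found = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def check(conf_text, realm, hba_method):
    """Return (implied service principal, list of findings)."""
    conf = parse_conf(conf_text)
    srv = conf.get("krb_srvname", "postgres")      # 'postgres' is the default
    host = conf.get("krb_server_hostname", "")
    findings = []
    if "/" in srv or "@" in srv:
        findings.append("krb_srvname holds a full principal; it must be the service name only")
    if host and "." not in host:
        findings.append("krb_server_hostname is not a fully qualified host name")
    if hba_method == "krb5":
        findings.append("auth method is krb5; recent servers should use gss")
    # Principal form from the documentation: servicename/hostname@realm
    principal = f"{srv}/{host or '<fqdn>'}@{realm}"
    return principal, findings


if __name__ == "__main__":
    for conf, realm, method in ((SAMPLE_CONF, "EXAMPLE.COM", "krb5"),
                                (FIXED_CONF, "EXAMPLE.ORG", "gss")):
        principal, findings = check(conf, realm, method)
        print(principal)
        for f in findings:
            print("  -", f)
```

With the settings as posted, the composed principal embeds a second host and realm inside the service name, which is why it cannot match the `postgres/<fqdn>@REALM` entry a keytab would normally hold.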