Re: kerberos authentication error with Windows 2003 SP1 AD

> My operating system is Red Hat Linux AS 4, Kerberos 5, with
> postgresql-7.4.14 that I compiled. I can authenticate using
> ssh, su, console login, and also have gotten apache
> mod_auth_kerb to work with AD - but I am missing something
> with postgresql. When I try:
>
> [pkoppe01(at)ipswich ~]$ /usr/local/pgsql/bin/psql -d test -h ipswich
> psql: Kerberos 5 authentication failed
>
> For the configure step, I did (needed the include statement
> to prevent an error about comm_err.h):
>
> [koppel(at)ipswich postgresql-7.4.14]$ ./configure --with-java
> --with-krb5 --with-includes=/usr/include/et
>
> The make proceeded normally.
>
> My pg_hba.conf looks like this (with pkoppe01 defined in
> Active Directory but not defined in postgres using "createuser")
>
> local all all trust
> host test pkoppe01 192.168.1.0 255.255.255.0 krb5
>
> Also have "tcpip_socket = true" and the postgres keytab
> referenced in postgresql.conf and the keytab file itself
> owned by postgres.
>
> When I try the psql command above (as pkoppe01) I do get the
> service ticket for postgres:
>
> [pkoppe01(at)ipswich ~]$ klist
> Ticket cache: FILE:/tmp/krb5cc_501_LCzZ1P Default principal:
> pkoppe01(at)PRIVATE(dot)LAN
>
> Valid starting Expires Service principal
> 11/13/06 11:17:25 11/13/06 21:17:28
> krbtgt/PRIVATE(dot)LAN(at)PRIVATE(dot)LAN renew until 11/14/06 11:17:25
> 11/13/06 11:19:02 11/13/06 21:17:28
> postgres/ipswich(dot)private(dot)lan(at)PRIVATE(dot)LAN
> renew until 11/14/06 11:17:25
>
> Any ideas would be greatly appreciated. Thanks in advance.
> Please feel free to email me directly as I just joined the
> list and don't know my way around yet.

The server log from postgresql should give some more information.

//Magnus