| From: | Poul Kristensen <bcc5226(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
| Subject: | pg_hba.conf debugging or logging when using ldag to authenticate |
| Date: | 2016-12-19 15:17:36 |
| Message-ID: | CAAOuvVqm3BhNNj4wTTRnNDZV-SgaAQTfmBJ+we_iaiRAO2-J6g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi !
Does anyone know how to log or debug authentication against ad?
A few years ago is it was possible to log everything to confirm using the
right KDC and the right principal and hereby be sure to send the right
userid possible concatenated with the realm.(I can't remember exacty) As
far as I can see this is not possible anymore. When using ldapsearch
everything works fine.But the ldap authentication does not help much as the
pg_log is just responting thd failure of credentials. Changing password
using Kerberos works fine(does this use the keytab or is the KDC issuing a
new ticket).
The documented examples is used using cn=gssapi, cn=auth
Is it possible to use cached ticket in the keytab option in postgresql.conf
when enabling the use of gssapi.
Sorry for a lot of questions but I thing there is a lack logs/debugging
facilities now. 4-5 years ago it was no problem.
Thanks
Poul
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joseph Kregloh | 2016-12-19 16:58:43 | Re: Allow login on slave only |
| Previous Message | Melvin Davidson | 2016-12-19 14:30:26 | Re: pgAdmin 4 - auto disconnect |