Re: kerberos authentication error with Windows 2003 SP1 AD
Hi!
Wherever your pg_ctl command sets the logfiles, or syslog if you use
syslog etc.
(Note that you still need to define the user in PostgreSQL as well, but
that shoudl give a different error message)
//Magnus
Show quoted text
-----Original Message-----
From: koppelp@mir.wustl.edu [mailto:koppelp@mir.wustl.edu]
Sent: den 17 november 2006 23:18
To: Magnus Hagander
Subject: RE: [GENERAL] kerberos authentication error with
Windows 2003 SP1 ADHI Magnus-
Thanks for your reply. Which error log in postgres should I
look at? Do I need to configure postgres to add more detailed
logging? Thanks again for your help.Please include my email address in your reply.
-- pk
Inactive hide details for "Magnus Hagander"
<mha@sollentuna.net>"Magnus Hagander" <mha@sollentuna.net>"Magnus Hagander" <mha@sollentuna.net>
11/14/2006 10:22 AM
To
<koppelp@mir.wustl.edu>, <pgsql-general@postgresql.org>
cc
Subject
RE: [GENERAL] kerberos authentication error with Windows 2003 SP1 AD
My operating system is Red Hat Linux AS 4, Kerberos 5, with
postgresql-7.4.14 that I compiled. I can authenticate usingssh, su,
console login, and also have gotten apache mod_auth_kerb to
work with
AD - but I am missing something with postgresql. When I try:
[pkoppe01@ipswich ~]$ /usr/local/pgsql/bin/psql -d test -h ipswich
psql: Kerberos 5 authentication failedFor the configure step, I did (needed the include statement
to prevent
an error about comm_err.h):
[koppel@ipswich postgresql-7.4.14]$ ./configure --with-java
--with-krb5 --with-includes=/usr/include/etThe make proceeded normally.
My pg_hba.conf looks like this (with pkoppe01 defined in Active
Directory but not defined in postgres using "createuser")local all all trust
host test pkoppe01 192.168.1.0 255.255.255.0 krb5Also have "tcpip_socket = true" and the postgres keytab
referenced in
postgresql.conf and the keytab file itself owned by postgres.
When I try the psql command above (as pkoppe01) I do get
the service
ticket for postgres:
[pkoppe01@ipswich ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_501_LCzZ1P Default principal:
pkoppe01@PRIVATE.LANValid starting Expires Service principal
11/13/06 11:17:25 11/13/06 21:17:28
krbtgt/PRIVATE.LAN@PRIVATE.LAN renew until 11/14/06 11:17:25
11/13/06 11:19:02 11/13/06 21:17:28
postgres/ipswich.private.lan@PRIVATE.LAN
renew until 11/14/06 11:17:25Any ideas would be greatly appreciated. Thanks in advance.
Please feel free to email me directly as I just joined the list and
don't know my way around yet.The server log from postgresql should give some more information.
//Magnus
Import Notes
Reply to msg id not found: OF6DB78C66.5D7299E8-ON86257229.007A346A-86257229.007A7A67@msnotes.wustl.edu
I am able to use kerberos authentication with Windows 20003 SP1 Active
Directory. I couldn't get Postgres 7.414 to work, but as soon as I
upgraded to 8.15, added my username to postgres (also set in Active
Directory), used POSTGRES as the service principal, I could login using
psql successfully.
Thanks for all who helped.
Paul Koppel
"Magnus Hagander"
<mha@sollentuna.n
et> To
<koppelp@mir.wustl.edu>
11/20/2006 04:16 cc
AM <pgsql-general@postgresql.org>
Subject
RE: [GENERAL] kerberos
authentication error with Windows
2003 SP1 AD
Hi!
Wherever your pg_ctl command sets the logfiles, or syslog if you use
syslog etc.
(Note that you still need to define the user in PostgreSQL as well, but
that shoudl give a different error message)
//Magnus
-----Original Message-----
From: koppelp@mir.wustl.edu [mailto:koppelp@mir.wustl.edu]
Sent: den 17 november 2006 23:18
To: Magnus Hagander
Subject: RE: [GENERAL] kerberos authentication error with
Windows 2003 SP1 ADHI Magnus-
Thanks for your reply. Which error log in postgres should I
look at? Do I need to configure postgres to add more detailed
logging? Thanks again for your help.Please include my email address in your reply.
-- pk
Inactive hide details for "Magnus Hagander"
<mha@sollentuna.net>"Magnus Hagander" <mha@sollentuna.net>"Magnus Hagander"
<mha@sollentuna.net>
Show quoted text
11/14/2006 10:22 AM
To
<koppelp@mir.wustl.edu>, <pgsql-general@postgresql.org>
cc
Subject
RE: [GENERAL] kerberos authentication error with Windows 2003 SP1 AD
My operating system is Red Hat Linux AS 4, Kerberos 5, with
postgresql-7.4.14 that I compiled. I can authenticate usingssh, su,
console login, and also have gotten apache mod_auth_kerb to
work with
AD - but I am missing something with postgresql. When I try:
[pkoppe01@ipswich ~]$ /usr/local/pgsql/bin/psql -d test -h ipswich
psql: Kerberos 5 authentication failedFor the configure step, I did (needed the include statement
to prevent
an error about comm_err.h):
[koppel@ipswich postgresql-7.4.14]$ ./configure --with-java
--with-krb5 --with-includes=/usr/include/etThe make proceeded normally.
My pg_hba.conf looks like this (with pkoppe01 defined in Active
Directory but not defined in postgres using "createuser")local all all trust
host test pkoppe01 192.168.1.0 255.255.255.0 krb5Also have "tcpip_socket = true" and the postgres keytab
referenced in
postgresql.conf and the keytab file itself owned by postgres.
When I try the psql command above (as pkoppe01) I do get
the service
ticket for postgres:
[pkoppe01@ipswich ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_501_LCzZ1P Default principal:
pkoppe01@PRIVATE.LANValid starting Expires Service principal
11/13/06 11:17:25 11/13/06 21:17:28
krbtgt/PRIVATE.LAN@PRIVATE.LAN renew until 11/14/06 11:17:25
11/13/06 11:19:02 11/13/06 21:17:28
postgres/ipswich.private.lan@PRIVATE.LAN
renew until 11/14/06 11:17:25Any ideas would be greatly appreciated. Thanks in advance.
Please feel free to email me directly as I just joined the list and
don't know my way around yet.The server log from postgresql should give some more information.
//Magnus