Kerberos and fe-auth...
I don't think it's any surprise that I'm hot on kerberos (updated docs
will come, one thing at a time), however I'm really really really
supper annoyed with the fact that I can't specify a way for a host to
optionally use krb5 or optionally use password authentication. If
you've got kerberos compiled in, you're stuck using kerberos. Anyone
have any suggetions or preferred ways of handling libpq so that the
fe-auth can fail back to password if krb5 fail? Thanks. -sc
--
Sean Chittenden
Sean Chittenden writes:
I don't think it's any surprise that I'm hot on kerberos (updated docs
will come, one thing at a time), however I'm really really really
supper annoyed with the fact that I can't specify a way for a host to
optionally use krb5 or optionally use password authentication.
What??? Have you looked at pg_hba.conf recently?
--
Peter Eisentraut peter_e@gmx.net
I don't think it's any surprise that I'm hot on kerberos (updated docs
will come, one thing at a time), however I'm really really really
supper annoyed with the fact that I can't specify a way for a host to
optionally use krb5 or optionally use password authentication.What??? Have you looked at pg_hba.conf recently?
In pg_hba.conf:
host all 0.0.0.0 0.0.0.0 krb5
host all 0.0.0.0 0.0.0.0 password
And from the CLI:
klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_80.1)
psql -h db1 dbname user
psql: fe_sendauth: krb5 authentication failed
The only way I can do something about that is to reverse the order of
the above entries in hba.conf, however, if I do that, then I can't use
krb5. One or the other, not both, and that's my problem... thoughts?
-sc
--
Sean Chittenden