| From: | Ryan Underwood <nemesis-lists(at)icequake(dot)net> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | kerberos 5: wrong principal |
| Date: | 2007-01-24 20:52:30 |
| Message-ID: | 20070124205230.GA17300@dbz.icequake.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
I am having some trouble transitioning from a pam_krb5 setup to native
Kerberos 5.
What is the meaning of the following error:
2007-01-24 14:42:35 [3780] LOG: connection received: host=216.229.91.242 port=4744
2007-01-24 14:42:35 [3780] LOG: Kerberos recvauth returned error -1765328240
postgres: Wrong principal in request from krb5_recvauth
2007-01-24 14:42:35 [3780] FATAL: Kerberos5 authentication failed for
user "nemesis"
- I have enabled krb_server_keyfile = '/etc/postgresql/krb5.keytab'
- I exported the keys for both host/host.domain and postgres/host.domain principals into that keytab
- The keytab is 640 root:postgres
This is postgres 7.4 but I tried 8.1 with no improvement.
The user account does exist and he can login if I use pam_krb5 instead
of native krb5. With native krb5, the client can not log in with or
without a TGT.
I tried stracing the postmaster process and it opens the krb5.conf file,
but does not appear to ever connect to the KDC before returning the
error to the client:
$ psql -h db -l
psql: Kerberos 5 authentication failed
Any ideas?
--
Ryan Underwood, <nemesis(at)icequake(dot)net>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2007-01-24 22:49:27 | Re: pg_restore speed |
| Previous Message | Campbell, Lance | 2007-01-24 20:45:26 | Logging just SQL commands in an SQL script format |