Skip site navigation (1) Skip section navigation (2)

kerberos 5: wrong principal

From: Ryan Underwood <nemesis-lists(at)icequake(dot)net>
To: pgsql-admin(at)postgresql(dot)org
Subject: kerberos 5: wrong principal
Date: 2007-01-24 20:52:30
Message-ID: 20070124205230.GA17300@dbz.icequake.net (view raw or flat)
Thread:
Lists: pgsql-admin
I am having some trouble transitioning from a pam_krb5 setup to native
Kerberos 5.

What is the meaning of the following error:
2007-01-24 14:42:35 [3780] LOG:  connection received: host=216.229.91.242 port=4744
2007-01-24 14:42:35 [3780] LOG:  Kerberos recvauth returned error -1765328240
postgres: Wrong principal in request from krb5_recvauth
2007-01-24 14:42:35 [3780] FATAL:  Kerberos5 authentication failed for
user "nemesis"

- I have enabled krb_server_keyfile = '/etc/postgresql/krb5.keytab'
- I exported the keys for both host/host.domain and postgres/host.domain principals into that keytab
- The keytab is 640 root:postgres

This is postgres 7.4 but I tried 8.1 with no improvement.
The user account does exist and he can login if I use pam_krb5 instead
of native krb5.  With native krb5, the client can not log in with or
without a TGT.

I tried stracing the postmaster process and it opens the krb5.conf file,
but does not appear to ever connect to the KDC before returning the
error to the client:
$ psql -h db -l
psql: Kerberos 5 authentication failed

Any ideas?

-- 
Ryan Underwood, <nemesis(at)icequake(dot)net>

pgsql-admin by date

Next:From: Joshua D. DrakeDate: 2007-01-24 22:49:27
Subject: Re: pg_restore speed
Previous:From: Campbell, LanceDate: 2007-01-24 20:45:26
Subject: Logging just SQL commands in an SQL script format

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group