Skip site navigation (1) Skip section navigation (2)

BUG #5958: Connection error when authentication is kerberos

From: "jack liu" <liubin0123(at)gmail(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #5958: Connection error when authentication is kerberos
Date: 2011-03-30 02:58:38
Message-ID: 201103300258.p2U2wcIt090611@wwwmaster.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-bugs
The following bug has been logged online:

Bug reference:      5958
Logged by:          jack liu
Email address:      liubin0123(at)gmail(dot)com
PostgreSQL version: 8.4.6
Operating system:   windows xp sp3,redhat Enterprise 5
Description:        Connection error when authentication is kerberos
Details: 

Hi,there

I meet an error about authication is kerberos in windows.
and i try to use the newest  version 9.0.3,this error reappear.
so i guess this may be a bug.

i use two pc about this experiment.

pc1: Kerberos server(KDC)  	ip:192.168.8.243
pc2: postgres.exe and psql 	ip:192.168.1.27

pc1 is a RedHat enterprise 5 linux,for issue TGT and ticket to pc2's
postgres and psql,and i can success get a TGT by user mit's 

kerberos tools packet.

pc2 is a windows xp3 workstation,and i modify the file pg_hba.conf like
that:

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# IPv4 local connections:
host    all         all         127.0.0.1/32          trust
host    all         all         192.168.0.0/16          krb5
# IPv6 local connections:
#host    all         all         ::1/128               trust

and i also modify postgresql.conf

krb_server_keyfile = 'D:/pg_debug/etc/kadm5.keytab'

kadm5.keytab is a key table that copy from KDC server by 
kadmin.local:ktadd -k kadm5.keytab	postgres/test.example.com 

step 1: start postgres:
postgres.exe -D ../data -h 192.168.1.27

step 2: get a database user's TGT
kinit -5 jack

step 3: psql to postgres's database test
psql -U jack -h 192.168.1.27 test

then,the error appear:
postgres:
--------------------------------------------
LOG:  Kerberos recvauth returned error 10035
postgres: operations on nonblocking sockets that cannot be completed
immediately.from krb5_recvauth
FATAL: Kerberos 5 authentication failed for user "jack"
--------------------------------------------
psql:
--------------------------------------------
psql: krb5_sendauth:An existing connection was forcibly closed by the remote
host
--------------------------------------------
and i search msdn error number pages:
http://msdn.microsoft.com/en-us/library/ms740668(v=vs.85).aspx

postgres's error number :10035	WSAEWOULDBLOCK
psql's error number:10054	WSAECONNRESET

i guess server's socket setting is block however client socket is
non-block,but i search fe-auth.c
and found in pg_krb5_sendauth() there have a pg_set_block(conn->sock).

the error does not exist while postgres and psql run in linux environment.

Is that problem  did not handle it in windows?

pgsql-bugs by date

Next:From: Per-Olov EsgardDate: 2011-03-30 10:39:08
Subject: BUG #5959: pg_restore --use-list does not always work with a pg_restore generated TOC file
Previous:From: Grzegorz SzpetkowskiDate: 2011-03-30 01:20:11
Subject: BUG #5957: createdb with description and md5 auth forces to provide password twice

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group