Skip site navigation (1) Skip section navigation (2)

Re: GSSAPI Authentication Problem

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: John Slattery <johntslattery(at)gmail(dot)com>
Cc: pgsql-odbc(at)postgresql(dot)org
Subject: Re: GSSAPI Authentication Problem
Date: 2012-08-03 21:41:24
Message-ID: 20120803214124.GJ1267@tamriel.snowman.net (view raw or flat)
Thread:
Lists: pgsql-odbc
John,

* John Slattery (johntslattery(at)gmail(dot)com) wrote:
> Following is the information you suggested reporting. The test is with
> 'User Name' = 'john'. I used a system DSN generated with the ODBC data
> source administrator. Before I set 'User Name' = 'john', I
> successfully tested the DSN with user csmprovver whose AD and PG names
> are identical with 'User Name' = ''.

After you have tried to connect, you might try running 'klist' on the
Windows system and reviewing the tickets to see if you acquired a ticket
for the postgres service.

In general, this does look very similar to our setup (which works just
fine).  I will say that we always use "include_realm=1" and then have
the mapping include the realm, eg:

pg_hba.conf:

host    all         all         0.0.0.0/0             gss include_realm=1 map=krbmap

pg_ident.conf:

krbmap        /^[mM]12345(at)REALM\(dot)ORG$     sfrost

In the end, however, it sounds like that's some kind of GSSAPI issue
that's causing trouble (hence the gssapi auth complaint in the server
log).  Is there any additional information around that error about what
the GSSAPI error is?  Have you tried increasing the verbosity of the
server messages to see if more information is provided?

	Thanks,

		Stephen

In response to

Responses

pgsql-odbc by date

Next:From: Stephen FrostDate: 2012-08-03 21:45:10
Subject: Re: GSSAPI Authentication Problem
Previous:From: John SlatteryDate: 2012-08-03 19:55:58
Subject: Re: GSSAPI Authentication Problem

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group