| From: | rahimeh khodadadi <rahimeh(dot)khodadadi(at)gmail(dot)com> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: configuration kerberos in Postgre sql |
| Date: | 2009-10-12 11:42:23 |
| Message-ID: | bbeb3140910120442p19b26a2ax6fcda5f1599f512e@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
nobody could help me?
On Sun, Oct 11, 2009 at 5:06 PM, rahimeh khodadadi <
rahimeh(dot)khodadadi(at)gmail(dot)com> wrote:
> Hi,
>
> after compling the postgresql --with-krb5 and setting up the krb5-server
> in centos, I configured the *postgresql.conf* as bellow:
>
> *krb_server_keyfile = '/var/kerberos/krb5kdc/kadm5.keytab'*
> *krb_srvname = 'POSTGRES' * # (Kerberos only)
> #krb_caseins_users = off
>
> and
>
> my *pg_hba.conf* is :
>
> # "local" is for Unix domain socket connections only
> local all postgres trust
> # IPv4 local connections:
> host all *frank* 0.0.0.0/0 krb5
> #host all all 127.0.0.1/32 trust
> # IPv6 local connections:
> host all all ::1/128 trust
>
>
> ,and kdc.conf
>
> kdcdefaults]
> v4_mode = nopreauth
> kdc_tcp_ports = 88
>
> [realms]
> EXAMPLE.COM = {
> #master_key_type = des3-hmac-sha1
> * acl_file = /var/kerberos/krb5kdc/kadm5.acl*
> dict_file = /usr/share/dict/words
> admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
> supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal
> des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4
> des-cbc-crc:afs3
> }
>
> Then, I created the user frank as :
>
> kadmin.local
> Authenticating as principal rahimeh/admin(at)EXAMPLE(dot)COM with password.
> kadmin.local: * ank frank*
> WARNING: no policy specified for frank(at)EXAMPLE(dot)COM; defaulting to no
> policy
> Enter password for principal "frank(at)EXAMPLE(dot)COM":
> Re-enter password for principal "frank(at)EXAMPLE(dot)COM":
>
> *kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab frank*
> Entry for principal frank with kvno 2, encryption type Triple DES cbc mode
> with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
> Entry for principal frank with kvno 2, encryption type ArcFour with
> HMAC/md5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
> Entry for principal frank with kvno 2, encryption type DES with HMAC/sha1
> added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
> Entry for principal frank with kvno 2, encryption type DES cbc mode with
> RSA-MD5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
>
> Finally, it gives error like:
>
> [root(at)localhost ~]# *kinit frank* -t /var/kerberos/krb5kdc/kadm5.keytab
> Password for frank(at)EXAMPLE(dot)COM:
> *kinit(v5): Password incorrect while getting initial credentials*
>
> or
>
> in cmd when I run this instruction the below error is shown.
>
> [root(at)localhost bin]# ./psql -h 127.0.0.1 -U frank
> *psql: krb5_sendauth: Bad application version was sent (via sendauth)*
>
>
> Please help me.
>
>
>
> --
> With Best Regards
> Miss.KHodadadi
>
--
With Best Regards
Miss.KHodadadi
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thorne, Francis | 2009-10-12 12:10:04 | How to size a log file partition |
| Previous Message | idris khanafi | 2009-10-12 09:29:35 | Error when running PG_DUMP |